Bv9ARM.ch06.html revision 3287b57976fa270224c18aa21445d24bb7fa760f
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>BIND 9 Configuration Reference</TITLE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="GENERATOR"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCONTENT="Modular DocBook HTML Stylesheet Version 1.41"><LINK
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceREL="PREVIOUS"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTITLE="The BIND 9 Lightweight Resolver"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTITLE="BIND 9 Security Considerations"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceBGCOLOR="#FFFFFF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTEXT="#000000"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceLINK="#0000FF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVLINK="#840084"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALINK="#0000FF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="NAVHEADER"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLSPACING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="chapter"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Chapter 6. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 Configuration Reference</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Table of Contents</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#configuration_file_elements"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Configuration File Elements</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Configuration File Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zone File</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 configuration is broadly similar to <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethere are a few new areas of configuration, such as views. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce8.x configuration files should work with few alterations in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce9, although more complex configurations should be reviewed to check
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif they can be more efficiently implemented using the new features
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefound in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 4 configuration files can be converted to the new format
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusing the shell script
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="configuration_file_elements"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1. Configuration File Elements</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Following is a list of elements used throughout the <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefile documentation:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>acl_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The name of an <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedefined by the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A list of one or more <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip_prefix</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>acl_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> elements, see
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#address_match_lists"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.1.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A quoted string which will be used as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea DNS name, for example "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dotted_decimal</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>One or more integers valued 0 through
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce255 separated only by dots (`.'), such as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>89.123.45.67</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip4_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IPv4 address with exactly four elements
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dotted_decimal</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> notation.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip6_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IPv6 address, such as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>fe80::200:f8ff:fe01:9742</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip4_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip6_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IP port <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is limited to 0 through 65535, with values
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebelow 1024 typically restricted to root-owned processes. In some
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecases an asterisk (`*') character can be used as a placeholder to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceselect a random high-numbered port.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip_prefix</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IP network specified as an <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefollowed by a slash (`/') and then the number of bits in the netmask.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTrailing zeros in a <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> may omitted.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example, <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the network <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>127.0.0.0</B
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric LuceCLASS="command"
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric Luce>255.0.0.0</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> with netmask <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>255.255.255.240</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> representing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe name of a shared key, to be used for transaction security.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>key_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A list of one or more <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceseparated by semicolons and ending with a semicolon.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A non-negative integer with an entire
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerange limited by the range of a C language signed integer (2,147,483,647
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon a machine with 32 bit integers). Its acceptable value might further
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe limited by the context in which it is used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A quoted string which will be used as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea pathname, such as <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A number, the word <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor the word <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is that of unsigned long integers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon the machine. An <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> requests unlimited
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuse, or the maximum available amount. A <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe limit that was in force when the server was started.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptionally be followed by a scaling factor: <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekilobytes, <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemegabytes, and <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> for gigabytes,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich scale by 1024, 1024*1024, and 1024*1024*1024 respectively.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestorage overflow is currently silently ignored during conversion
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof scaled values, resulting in values less than intended, possibly
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeven negative. Using <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the best way
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto safely set a really large number.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe words <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucealso accepted, as are the numbers <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dialup_option</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-passive</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWhen used in a zone, <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-passive</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare restricted to slave and stub zones.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="address_match_lists"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.1. Address Match Lists</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1206"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.1.1. Syntax</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> = address_match_list_element ;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> address_match_list_element; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list_element</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] (ip_address [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>/length</SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce key key_id | acl_name | { address_match_list } )
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1214"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.1.2. Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Address match lists are primarily used to determine access
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecontrol for various server operations. They are also used to define
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepriorities for querying other nameservers and to set the addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will listen for queries. The elements
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich constitute an address match list can be any of the following:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an IP address (IPv4 or IPv6)</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an IP prefix (in the `/'-notation)</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a key ID, as defined by the key statement</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the name of an address match list previously defined with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a nested address match list enclosed in braces</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Elements can be negated with a leading exclamation mark (`!')
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the match list names "any," "none," "localhost" and "localnets"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare predefined. More information on those names can be found in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe description of the acl statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The addition of the key clause made the name of this syntactic
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceelement something of a misnomer, since security keys can be used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto validate access without regard to a host or network address. Nonetheless,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe term "address match list" is still used throughout the documentation.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When a given IP address or prefix is compared to an address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematch list, the list is traversed in order until an element matches.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe interpretation of a match depends on whether the list is being used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor access control, defining listen-on ports, or as a topology,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand whether the element was negated.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When used as an access control list, a non-negated match allows
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaccess and a negated match denies access. If there is no match,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaccess is denied. The clauses <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>blackhole</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuse address match lists this. Similarly, the listen-on option will cause
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server to not accept queries on any of the machine's addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich do not match the list.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When used with the topology clause, a non-negated match returns
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea distance based on its position on the list (the closer the match
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis to the start of the list, the shorter the distance is between
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceit and the server). A negated match will be assigned the maximum
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedistance from the server. If there is no match, the address will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceget a distance which is further than any non-negated list element,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand closer than any negated element.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Because of the first-match aspect of the algorithm, an element
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat defines a subset of another element in the list should come
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebefore the broader element, regardless of whether either is negated. For
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> the 1.2.3.13 element is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecompletely useless because the algorithm will match any lookup for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat problem by having 1.2.3.13 blocked by the negation but all
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceother 1.2.3.* hosts fall through.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1243"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.2. Comment Syntax</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 comment syntax allows for comments to appear
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce anywhere that white space may appear in a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce file. To appeal to programmers of all kinds, they can be written
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1248"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.2.1. Syntax</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>/* This is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> comment as in C */</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>// This is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> comment as in C++</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce># This is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> comment as in common UNIX shells and perl</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1257"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.2.2. Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Comments may appear anywhere that whitespace may appear in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>C-style comments start with the two characters /* (slash,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestar) and end with */ (star, slash). Because they are completely
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedelimited with these characters, they can be used to comment only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea portion of a line or to span multiple lines.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>C-style comments cannot be nested. For example, the following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis not valid because the entire comment ends with the first */:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>/* This is the start of a comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce This is still part of the comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce/* This is an incorrect attempt at nesting a comment. */
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce This is no longer in any comment. */
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>C++-style comments start with the two characters // (slash,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceslash) and continue to the end of the physical line. They cannot
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe continued across multiple physical lines; to have one logical
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecomment span multiple lines, each line must use the // pair.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>// This is the start of a comment. The next line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// is a new comment, even though it is logically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// part of the previous comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Shell-style (or perl-style, if you prefer) comments start
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith the character <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> (number sign) and continue to the end of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucephysical line, as in C++ comments.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce># This is the start of a comment. The next line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce# is a new comment, even though it is logically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce# part of the previous comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="warning"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="warning"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="CENTER"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>WARNING: you cannot use the semicolon (`;') character
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce to start a comment such as you would in a zone file. The
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce semicolon indicates the end of a configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="Configuration_File_Grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2. Configuration File Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 configuration consists of statements and comments.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Statements end with a semicolon. Statements and comments are the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce only elements that can appear without enclosing braces. Many
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statements contain a block of substatements, which are also
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce terminated with a semicolon.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following statements are supported:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines a named IP address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematching list, for access control and other uses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>declares control channels to be used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> utility.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>includes a file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>specifies key information for use in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceauthentication and authorization using TSIG.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>specifies what the server logs, and where
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe log messages are sent.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>controls global server configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions and sets defaults for other statements.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sets certain configuration options on
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea per-server basis.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines trusted DNSSEC keys.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines a view.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines a zone.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements may only occur once per
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce configuration.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1350"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce address_match_list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement assigns a symbolic
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce name to an address match list. It gets its name from a primary
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce use of address match lists: Access Control Lists (ACLs).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Note that an address match list's name must be defined
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> before it can be used elsewhere; no
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce forward references are allowed.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following ACLs are built-in:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches no hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>localhost</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches the IP addresses of all interfaces
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon the system.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>localnets</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches any host on a network for which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe system has an interface.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1392"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce inet ( ip_addr | * ) [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> port ip_port </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> address_match_list </I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> key_list </I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> inet ...; </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1401"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce> statement declares control
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce channels to be used by system administrators to affect the
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson operation of the local nameserver. These control channels are
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson used by the <B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce> utility to send commands to
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce and retrieve non-DNS results from a nameserver.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce socket accessible to the Internet, created at the specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> on the specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. If no port is specified, port 953
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce is used by default. "*" cannot be used for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The ability to issue commands over the control channel is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce restricted by the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clauses. Connections to the control
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce channel are permitted based on the address permissions in
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce members of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce ignored, and instead are interpreted independently based the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is allowed to be used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce authenticate commands and responses given over the control
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce channel by digitally signing each message between the server and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce a command client (See <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Remote Name Daemon Control application</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch03.html#admin_tools"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 3.4.1.2</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>). All commands to the control channel
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce must be signed by one of its specified keys to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce be honored.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The UNIX control channel type of <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 is not supported
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9.0.0, and is not expected to be added in future
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce releases. If it is present in the controls statement from a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 configuration file, a non-fatal warning will be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1427"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1432"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement inserts the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce specified file at the point that the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statement is encountered. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statement facilitates the administration of configuration files
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce by permitting the reading or writing of some things but not
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce others. For example, the statement could include private keys
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce that are readable only by a nameserver.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1439"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce algorithm <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1446"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement defines a shared
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce secret key for use with TSIG, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 4.4</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, also known as the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce key name, is a domain name uniquely identifying the key. It can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce be used in a "server" statement to cause requests sent to that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce server to be signed with this key, or in address match lists to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce verify that incoming requests have been signed with a key
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce matching this name, algorithm, and secret.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>algorithm_id</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is a string
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce that specifies a security/authentication algorithm. The only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce algorithm currently supported with TSIG authentication is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>hmac-md5</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>secret_string</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the secret to be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce used by the algorithm, and is treated as a base-64 encoded
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1458"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>syslog_facility</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>critical</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-category</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-severity</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>category_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel_nam</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1498"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement configures a wide
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevariety of logging options for the nameserver. Its <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceassociates output methods, format options and severity levels with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea name that can then be used with the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto select how various classes of messages are logged.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is used to define
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas many channels and categories as are wanted. If there is no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe logging configuration will be:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce category "default" { "default_syslog"; "default_debug"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9, the logging configuration is only established when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe entire configuration file has been parsed. In <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceestablished as soon as the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewas parsed. When the server is starting up, all logging messages
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceregarding syntax errors in the configuration file go to the default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannels, or to standard error if the "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewas specified.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1514"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.10.1. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>All log output goes to one or more <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceyou can make as many of them as you want.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Every channel definition must include a destination clause that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesays whether messages selected for the channel go to a file, to a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceparticular syslog facility, to the standard error stream, or are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucediscarded. It can optionally also limit the message severity level
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat will be accepted by the channel (the default is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>), and whether to include a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>-generated time stamp, the category name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand/or severity level (the default is not to include any).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> destination clause
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecauses all messages sent to the channel to be discarded;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein that case, other options for the channel are meaningless.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> destination clause directs the channel
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto a disk file. It can include limitations
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceboth on how large the file is allowed to become, and how many versions
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the file will be saved each time the file is opened.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option for files is simply a hard
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceceiling on log growth. If the file ever exceeds the size, then <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenot write anything more to it until the file is reopened; exceeding
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe size does not automatically trigger a reopen. The default behavior
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis not to limit the size of the file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If you use the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> log file option,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will retain that many backup versions
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the file by renaming them when opening. For example, if you choose
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto keep 3 old versions of the file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucejust before it is opened <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerenamed to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerenamed to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. No rolled versions
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare kept by default; any existing log file is simply appended. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis synonymous with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> in current <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> releases.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Example usage of the size and versions options:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "an_example_channel" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce file "example.log" versions 3 size 20m;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce print-time yes;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce print-category yes;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> destination clause directs the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannel to the system log. Its argument is a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesyslog facility as described in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will handle messages sent to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethis facility is described in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepage. If you have a system which uses a very old version of <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly uses two arguments to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>openlog()</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethen this clause is silently ignored.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause works like <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce"priorities," except that they can also be used if you are writing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestraight to a file rather than using <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceMessages which are not at least of the severity level given will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenot be selected for the channel; messages of higher severity levels
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill be accepted.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If you are using <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, then the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill also determine what eventually passes through. For example,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedefining a channel facility and severity as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly logging <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecause messages of severity <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe dropped. If the situation were reversed, with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemessages of only <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> or higher, then <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprint all messages it received from the channel.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> destination clause directs the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannel to the server's standard error stream. This is intended for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuse when the server is running as a foreground process, for example
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhen debugging a configuration.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server can supply extensive debugging information when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceit is in debugging mode. If the server's global debug level is greater
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethan zero, then debugging mode will be active. The global debug
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelevel is set either by starting the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> flag followed by a positive integer,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor by running <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rndc trace</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemethod is not yet implemented.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> The global debug level
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan be set to zero, and debugging mode turned off, by running <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. All debugging messages in the server have a debug
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelevel, and higher debug levels give more detailed output. Channels
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat specify a specific debug severity, for example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "specific_debug_level" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce severity debug 3;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will get debugging output of level 3 or less any time the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver is in debugging mode, regardless of the global debugging
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelevel. Channels with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> severity use the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver's global level to determine what messages to print.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has been turned on, then
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe date and time will be logged. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe specified for a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> channel, but is usually
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepointless since <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> also prints the date and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-category</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is requested, then the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategory of the message will be logged as well. Finally, if <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-severity</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon, then the severity level of the message will be logged. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> options may
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe used in any combination, and will always be printed in the following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceorder: time, category, severity. Here is an example where all three <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="computeroutput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>28-Feb-2000 15:05:32.863 general: notice: running</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>There are four predefined channels that are used for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>'s default logging as follows. How they are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused is described in <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#the_category_phrase"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.10.2</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "default_syslog" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce syslog daemon; // end to syslog's daemon
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce severity info; // only send priority info
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // and higher
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannel "default_debug" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // the working directory
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Note: stderr is used instead
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // if the server is started
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // with the '-f' option.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce severity dynamic // log at the server's
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // current debug level
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannel "default_stderr" { // writes to stderr
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce severity info; // only send priority info
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // and higher
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannel "null" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce null; // toss anything sent to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // this channel
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default_debug</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> channel normally writes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto a file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> in the server's working
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedirectory. For security reasons, when the "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecommand line option is used, the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis created only after <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has changed to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenew UID, and any debug output generated while <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestarting up and still running as root is discarded. If you need
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto capture this output, you must run the server with the "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoption and redirect standard error to a file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Once a channel is defined, it cannot be redefined. Thus you
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecannot alter the built-in channels directly, but you can modify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe default logging by pointing categories at channels you have defined.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="the_category_phrase"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.10.2. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>There are many categories, so you can send the logs you want
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto see wherever you want, without seeing logs you don't want. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceyou don't specify a list of channels for a category, then log messages
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein that category will be sent to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinstead. If you don't specify a default category, the following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce"default default" is used:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>category "default" { "default_syslog"; "default_debug"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>As an example, let's say you want to log security events to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea file, but you also want keep the default logging behavior. You'd
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecify the following:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "my_security_channel" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce file "my_security_file";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce severity info;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategory "security" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "my_security_channel";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "default_syslog";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "default_debug";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>To discard all messages in a category, specify the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> channel:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>category "xfer-out" { "null"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategory "notify" { "null"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Following are the available categories and brief descriptions
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the types of log information they contain. More
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategories may be added in future <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> releases.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The default category defines the logging
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions for those categories where no specific configuration has been
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The catch-all. Many things still aren't
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceclassified into categories, and they all end up here.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Messages relating to the databases used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinternally by the name server to store zone and cache data.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Approval and denial of requests.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Configuration file parsing and processing.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>DNS resolution, such as the recursive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelookups performed on behalf of clients by a caching name server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zone transfers the server is receiving.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zone transfers the server is sending.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The NOTIFY protocol.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Processing of client requests.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Network operations.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Dynamic updates.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1699"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> This is the grammar of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestatement in the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> listen-on { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> search { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1723"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement configures the name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver to also act as a lightweight resolver server, see
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 5.2</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. There may be be multiple
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements configuring
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelightweight resolver servers with different properties.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement specifies a list of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaddresses (and ports) that this instance of a lightweight resolver daemon
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshould accept requests on. If no port is specified, port 921 is used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf this statement is omitted, requests will be accepted on 127.0.0.1,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement binds this instance of a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelightweight resolver daemon to a view in the DNS namespace, so that the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresponse will be constructed in the same manner as a normal DNS query
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematching this view. If this statement is omitted, the default view is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused, and if there is no default view, an error is triggered.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is equivalent to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. It provides a list of domains
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich are appended to relative names in queries.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is equivalent to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. It indicates the minimum
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenumber of dots in a relative domain name that should result in an
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexact match lookup before search path elements are appended.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1742"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This is the grammar of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestatement in the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> version <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>version_string</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> directory <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> named-xfer <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> tkey-domain <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domainname</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> tkey-dhkey <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> dump-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> memstatistics-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> pid-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="optional"
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric Luce> statistics-file <TT
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="replaceable"
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric Luce>path_name</I
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="optional"
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric Luce> zone-statistics <TT
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> auth-nxdomain <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> deallocate-on-exit <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dialup_option</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> fake-iquery <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> fetch-glue <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has-old-clients <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> host-statistics <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> multiple-cnames <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> recursion <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> rfc2308-type1 <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> use-id-pool <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> maintain-ixfr-base <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> forward ( <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> forwarders { [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> check-names ( <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-notify { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-query { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-transfer { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-recursion { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-v6-synthesis { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> blackhole { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> listen-on [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> listen-on-v6 [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> query-source [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> address ( <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> tcp-clients <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> recursive-clients <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> serial-queries <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-format <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>( one-answer | many-answers )</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers-per-ns <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-source (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-source-v6 (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> notify-source (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> notify-source-v6 (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> also-notify { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-ixfr-log-size <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> coresize <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> datasize <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> stacksize <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> cleaning-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> heartbeat-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> interface-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statistics-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> topology [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> sortlist [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> rrset-order [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>order_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>order_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> lame-ttl <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-ncache-ttl <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-cache-ttl <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> sig-validity-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> min-roots <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> use-ixfr <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> treat-cr-as-space <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> min-refresh-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-refresh-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> min-retry-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-retry-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> additional-from-auth <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> additional-from-cache <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> random-device <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN1948"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition andUsage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement sets up global options
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be used by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. This statement may appear only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonce in a configuration file. If more than one occurrence is found,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe first occurrence determines the actual options used, and a warning
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill be generated. If there is no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestatement, an options block with each option set to its default will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The version the server should report
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevia a query of name <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is the real version number of this server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>directory</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The working directory of the server.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceAny non-absolute pathnames in the configuration file will be taken
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas relative to this directory. The default location for most server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>) is this directory.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf a directory is not specified, the working directory defaults
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>', the directory from which the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewas started. The directory specified should be an absolute path.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>named-xfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is obsolete.</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIt was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecify the pathname to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>named-xfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9, no separate <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>named-xfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceneeded; its functionality is built into the name server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-domain</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The domain appended to the names of all
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshared keys generated with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. When a client
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerequests a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> exchange, it may or may not specify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe desired name for the key. If present, the name of the shared
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekey will be "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>client specified part</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-domain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceOtherwise, the name of the shared key will be "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-domain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>". In most cases,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domainname</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> should be the server's domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-dhkey</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The Diffie-Hellman key used by the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto generate shared keys with clients using the Diffie-Hellman mode
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. The server must be able to load the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepublic and private keys from files in the working directory. In
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemost cases, the keyname should be the server's host name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dump-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The pathname of the file the server dumps
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe database to when instructed to do so with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rndc dumpdb</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf not specified, the default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>memstatistics-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The pathname of the file the server writes memory
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusage statistics to on exit. If not specified,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The pathname of the file the server writes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceits process ID in. If not specified, the default is operating system
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedependent, but is usually
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe pid-file is used by programs that want to send signals to the running
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenameserver.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The pathname of the file the server appends statistics
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto when instructed to do so using <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rndc stats</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf not specified, the default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver's current directory. The format of the file is described
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#statsfile"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.14</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereceiving and sending DNS protocol traffic.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is 53. This option is mainly intended for server testing;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea server using a port other than 53 will not be able to communicate with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe global DNS.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option should be placed at
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe beginning of the options block, before
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceany other options that take port numbers or IP addresses,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto ensure that the port value takes effect for all addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused by the server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>random-device</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> The source of entropy to be used by the server. Entropy is primarily needed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor DNSSEC operations, such as TKEY transactions and dynamic update of signed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezones. This options specifies the device (or file) from which to read
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceentropy. If this is a file, operations requiring entropy will fail when the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefile has been exhausted. If not specified, the default value is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(or equivalent) when present, and none otherwise. The
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>random-device</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option takes effect during
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe initial configuration load at server startup time and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis ignored on subsequent reloads.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="boolean_options"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.1. Boolean Options</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>auth-nxdomain</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, then the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis always set on NXDOMAIN responses, even if the server is not actually
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceauthoritative. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea change from <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8. If you are using very old DNS software, you
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay need to set it to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>deallocate-on-exit</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 to enable checking
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor memory leaks on exit. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 ignores the option and always performs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe checks.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver treats all zones as if they are doing zone transfers across
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea dial on demand dialup link, which can be brought up by traffic
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoriginating from this server. This has different effects according
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonto zone type and concentrates the zone maintenance so that it all
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonhappens in a short interval, once every <B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>heartbeat-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehopefully during the one call. It also suppresses some of the normal
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone maintenance traffic. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay also be specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein which case it overrides the global <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If the zone is a master zone then the server will send out a NOTIFY
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerequest to all the slaves. This will trigger the zone serial number check
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the slave (providing it supports NOTIFY) allowing the slave to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceverify the zone while the connection is active.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone is a slave or stub zone, then the server will suppress the regular
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce"zone up to date" (refresh) queries and only perform them when the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>heartbeat-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> expires in addition to sending
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNOTIFY requests.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Finer control can be achieved by using
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> which only sends NOTIFY messages,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-passive</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> which sends NOTIFY messages and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesuppresses the normal refresh queries, <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich suppresses normal refresh processing and send refresh queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>heartbeat-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> expires and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> which just disables normal refresh
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprocessing.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce>fake-iquery</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8, this option was used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceenable simulating the obsolete DNS query type
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIQUERY. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 never does IQUERY simulation.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>fetch-glue</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is obsolete.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIn BIND 8, <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>fetch-glue yes</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecaused the server to attempt to fetch glue resource records it
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedidn't have when constructing the additional
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedata section of a response. This is now considered a bad idea
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand BIND 9 never does it.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>has-old-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option was incorrectly implemented
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> 8, and is ignored by <SPAN
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTo achieve the intended effect
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>has-old-clients</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="userinput"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonthe two separate options <B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>auth-nxdomain</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rfc2308-type1</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>host-statistics</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>In BIND 8, this enables keeping of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestatistics for every host that the nameserver interacts with.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNot implemented in BIND 9.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>maintain-ixfr-base</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is obsolete</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce It was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 to determine whether a transaction log was
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekept for Incremental Zone Transfer. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 maintains a transaction
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelog whenever possible. If you need to disable outgoing incremental zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetransfers, use <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>multiple-cnames</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>This option was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea domain name to allow multiple CNAME records in violation of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNS standards. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9.1 always strictly
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceenforces the CNAME rules both in master files and dynamic updates.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> (the default),
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNS NOTIFY messages are sent when a zone the server is authoritative for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechanges, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 3.3</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. The messages are sent to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservers listed in the zone's NS records (except the master server identified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the SOA MNAME field), and to any servers listed in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, notifies are sent only to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservers explicitly listed using <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, no notifies are sent.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option may also be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein which case it overrides the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIt would only be necessary to turn off this option if it caused slaves
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>recursion</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNS query requests recursion, then the server will attempt to do
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceall the work required to answer the query. If recursion is off
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the server does not already know the answer, it will return a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereferral response. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNote that setting <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>recursion no;</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> does not prevent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceclients from getting data from the server's cache; it only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprevents new data from being cached as an effect of client queries.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCaching may still occur as an effect the server's internal
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoperation, such as NOTIFY address lookups.
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>rfc2308-type1</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>Setting this to <TT
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecause the server to send NS records along with the SOA record for negative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceanswers. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>use-id-pool</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is obsolete</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 always allocates query IDs from a pool.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone-statistics</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, the server will, by default, collect
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestatistical data on all zones in the server. These statistics may be accessed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rndc stats</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, which will dump them to the file listed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. See also <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#statsfile"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.14</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is obsolete</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf you need to disable IXFR to a particular server or servers see
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe information on the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.16</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch04.html#incremental_zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 4.2</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>treat-cr-as-space</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server treat carriage return ("<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>") characters the same way
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas a space or tab character,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto facilitate loading of zone files on a UNIX system that were generated
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon an NT or DOS machine. In <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9, both UNIX "<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>" newlines are always accepted,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the option is ignored.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>additional-from-auth</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>additional-from-cache</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> These options control the server's behavior when answering queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich have additional data, or when following CNAME and DNAME
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechains to provide additional data.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> When both of these options are set to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(the default) and a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequery is being answered from authoratitive data (a zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconfigured into the server), the additional data section of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereply will be filled in using data from other authoratitive zones
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand from the cache. In some situations this is undesirable, such
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas when there is concern over the correctness of the cache, or in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein servers where slave zones may be added and modified by
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuntrusted third parties. Also, avoiding
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe search for this additional data will speed up server operations
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceat the possible expense of additional queries to resolve what would
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceotherwise be provided in the additional section.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> For example, if a query asks for an MX record for host <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the record found is "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>", normally the address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerecords (A, A6, and AAAA) for <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will be provided as well,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif known. These options disable this behavior.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2215"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.2. Forwarding</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The forwarding facility can be used to create a large site-wide
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecache on a few servers, reducing traffic over links to external
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenameservers. It can also be used to allow queries by servers that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedo not have direct access to the Internet, but wish to look up exterior
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenames anyway. Forwarding occurs only on those queries for which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server is not authoritative and does not have the answer in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceits cache.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is only meaningful if the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceforwarders list is not empty. A value of <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe default, causes the server to query the forwarders first, and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif that doesn't answer the question the server will then look for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe answer itself. If <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is specified, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver will only query the forwarders.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies the IP addresses to be used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor forwarding. The default is the empty list (no forwarding).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Forwarding can also be configured on a per-domain basis, allowing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the global forwarding options to be overridden in a variety
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof ways. You can set particular domains to use different forwarders,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor have a different <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor not forward at all, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_statement_grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.21</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="access_control"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.3. Access Control</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Access to the server can be restricted based on the IP address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the requesting system. See <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#address_match_lists"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.1.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedetails on how to specify IP address lists.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenotify slaves of a zone change in addition to the zone masters.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> may also be specified in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, in which case it overrides the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options allow-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. It is only meaningful
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor a slave zone. If not specified, the default is to process notify messages
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly from a zone's master.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceask ordinary questions. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, in which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecase it overrides the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenot specified, the default is to allow queries from all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>allow-recursion</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemake recursive queries through this server. If not specified, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedefault is to allow recursive queries from all hosts.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNote that disallowing recursive queries for a host does not prevent the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehost from retrieving data that is already in the server's cache.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-v6-synthesis</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are to receive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesynthetic responses to IPv6 queries as described in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#synthesis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.12</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereceive zone transfers from the server. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucealso be specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, in which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecase it overrides the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf not specified, the default is to allow transfers from all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>blackhole</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies a list of addresses that the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver will not accept queries from or use to resolve a query. Queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefrom these addresses will not be responded to. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2280"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.4. Interfaces</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The interfaces and ports that the server will answer queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefrom may be specified using the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean optional port, and an <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe server will listen on all interfaces allowed by the address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematch list. If a port is not specified, port 53 will be used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements are allowed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example,</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on { 5.6.7.8; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will enable the nameserver on port 53 for the IP address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce5.6.7.8, and on port 1234 of an address on the machine in net
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce1.2 that is not 1.2.3.4.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is specified, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver will listen on port 53 on all interfaces.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option is used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecify the ports on which the server will listen for incoming
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequeries sent using IPv6.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server does not bind a separate socket to each IPv6
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinterface address as it does for IPv4. Instead, it always
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelistens on the IPv6 wildcard address. Therefore, the only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevalues allowed for the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceargument to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ any; }</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ none;}</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> options can be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused to listen on multiple ports:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6 port 53 { any; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelisten-on-v6 port 1234 { any; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>To make the server not listen on any IPv6 address, use</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6 { none; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is specified,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server will not listen on any IPv6 address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2306"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.5. Query Address</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If the server doesn't know the answer to a question, it will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequery other nameservers. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe address and port used for such queries. For queries sent over
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIPv6, there is a separate <B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> or is omitted,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea wildcard IP address (<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>INADDR_ANY</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>) will be used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> or is omitted,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea random unprivileged port will be used. The defaults are</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source address * port *;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequery-source-v6 address * port *
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> currently applies only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto UDP queries; TCP queries always use a wildcard IP address and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea random unprivileged port.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.6. Zone Transfers</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has mechanisms in place to facilitate zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand set limits on the amount of load that transfers place on the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesystem. The following options apply to zone transfers.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Defines a global list of IP addresses of name servers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat are also sent NOTIFY messages whenever a fresh copy of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone is loaded, in addition to the servers listed in the zone's NS records.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis helps to ensure that copies of the zones will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequickly converge on stealth servers. If an <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis given in a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, it will override
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. When a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, the IP addresses in the global <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenot be sent NOTIFY messages for that zone. The default is the empty
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist (no global notification list).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Inbound zone transfers running longer than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethis many minutes will be terminated. The default is 120 minutes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(2 hours).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Inbound zone transfers making no progress
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein this many minutes will be terminated. The default is 60 minutes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Outbound zone transfers running longer than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethis many minutes will be terminated. The default is 120 minutes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(2 hours).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Outbound zone transfers making no progress
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein this many minutes will be terminated. The default is 60 minutes (1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>serial-queries</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Slave servers will periodically query master
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservers to find out if zone serial numbers have changed. Each such
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequery uses a minute amount of the slave server's network bandwidth,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebut more importantly each query uses a small amount of memory in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe slave server while waiting for the master server to respond.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIn BIND 8, the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>serial-queries</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option set the maximum number
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof concurrent serial-number queries allowed to be outstanding at
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceany given time. BIND 9 does not limit the number of outstanding
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserial queries and ignores the The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>serial-queries</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinstead, it limits the rate at which the queries are sent.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe maximum rate is currently fixed at 20 queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceper second but may become configurable in a future release.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server supports two zone transfer methods. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>one-answer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceone DNS message per resource record transferred. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas many resource records as possible into a message. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemore efficient, but is only known to be understood by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 4.9.5. The default is <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe overridden on a per-server basis by using the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of inbound zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat can be running concurrently. The default value is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIncreasing <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> may speed up the convergence
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof slave zones, but it also may increase the load on the local system.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of outbound zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat can be running concurrently. Zone transfer requests in excess
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the limit will be refused. The default value is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of inbound zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat can be concurrently transferring from a given remote nameserver.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default value is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. Increasing <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespeed up the convergence of slave zones, but it also may increase
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe load on the remote nameserver. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe overridden on a per-server basis by using the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich local address will be bound to IPv4 TCP connections used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefetch zones transferred inbound by the server. It also determines
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe source IPv4 address, and optionally the UDP port, used for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerefresh queries and forwarded dynamic updates. If not set, it defaults
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto a system controlled value which will usually be the address of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe interface "closest to" the remote end. This address must appear
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the remote end's <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe zone being transferred, if one is specified. This statement
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> for all zones, but can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe overridden on a per-view or per-zone basis by including a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement within the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the configuration file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The same as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexcept zone transfers are performed using IPv6.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich local source address, and optionally UDP port, will be used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesend NOTIFY messages.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis address must appear in the slave server's <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone clause or in an <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis statement sets the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> for all zones,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebut can be overridden on a per-zone / per-view basis by including a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement within the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> block in the configuration file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebut applies to notify messages sent to IPv6 addresses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2435"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.7. Resource Limits</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server's usage of many system resources can be limited.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSome operating systems don't support some of the limits. On such
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesystems, a warning will be issued if the unsupported limit is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused. Some operating systems don't support limiting resources.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Scaled values are allowed when specifying resource limits. For
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> can be used instead of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>1073741824</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> to specify a limit of one
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> requests unlimited use, or the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemaximum available amount. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> uses the limit
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat was in force when the server was started. See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#configuration_file_elements"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum size of a core dump. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum amount of data memory the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay use. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of files the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay have open concurrently. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ixfr-log-size</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is obsolete; it is accepted
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand ignored for BIND 8 compatibility.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>recursive-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of simultaneous recursive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelookups the server will perform on behalf of clients. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>stacksize</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum amount of stack memory the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay use. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tcp-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of simultaneous client TCP
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconnections that the server will accept. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2487"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.8. Periodic Task Intervals</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>cleaning-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server will remove expired resource records
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefrom the cache every <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>cleaning-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is 60 minutes.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf set to 0, no periodic cleaning will occur.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>heartbeat-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server will perform zone maintenance tasks
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor all zones marked as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> whenever this
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinterval expires. The default is 60 minutes. Reasonable values are up
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto 1 day (1440 minutes). If set to 0, no zone maintenance for these zones will occur.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>interface-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server will scan the network interface list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>interface-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> minutes. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis 60 minutes. If set to 0, interface scanning will only occur when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe configuration file is loaded. After the scan, listeners will be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestarted on any new interfaces (provided they are allowed by the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration). Listeners on interfaces
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat have gone away will be cleaned up.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Nameserver statistics will be logged
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> minutes. The default is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce60. If set to 0, no statistics will be logged.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="topology"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.9. Topology</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>All other things being equal, when the server chooses a nameserver
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto query from a list of nameservers, it prefers the one that is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetopologically closest to itself. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> and interprets it
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein a special way. Each top-level list element is assigned a distance.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNon-negated elements get a distance based on their position in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist, where the closer the match is to the start of the list, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshorter the distance is between it and the server. A negated match
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill be assigned the maximum distance from the server. If there
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis no match, the address will get a distance which is further than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceany non-negated list element, and closer than any negated element.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example,</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will prefer servers on network 10 the most, followed by hosts
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexception of hosts on network 1.2.3 (netmask 255.255.255.0), which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis preferred least of all.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The default topology is</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> topology { localhost; localnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="the_sortlist_statement"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.10. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Resource Records (RRs) are the data associated with the names
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein a domain name space. The data is maintained in the form of sets
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof RRs. The order of RRs in a set is, by default, not significant.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTherefore, to control the sorting of records in a set of resource
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerecords, or <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, you must use the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>RRs are explained more fully in <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.3.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. Specifications for RRs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare documented in RFC 1035.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When returning multiple RRs the nameserver will normally return
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Round Robin</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat is, after each request the first RR is put at the end of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist. The client resolver code should rearrange the RRs as appropriate,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat is, using any addresses on the local net in preference to other addresses.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHowever, not all resolvers can do this or are correctly configured.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWhen a client is using a local server the sorting can be performed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the server, based on the client's address. This only requires
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconfiguring the nameservers, not all the clients.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement (see below) takes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> and interprets it even
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemore specifically than the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.9</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>). Each top level statement in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceitself be an explicit <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceone or two elements. The first element (which may be an IP address,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean IP prefix, an ACL name or a nested <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof each top level list is checked against the source address of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe query until a match is found.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Once the source address of the query has been matched, if
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe top level statement contains only one element, the actual primitive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceelement that matched the source address is used to select the address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the response to move to the beginning of the response. If the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestatement is a list of two elements, then the second element is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetreated the same as the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. Each top level element
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis assigned a distance and the address in the response with the minimum
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedistance is moved to the beginning of the response.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>In the following example, any queries received from any of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe addresses of the host itself will get responses preferring addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon any of the locally connected networks. Next most preferred are addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon the 192.168.1/24 network, and after that either the 192.168.2/24
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce192.168.3/24 network with no preference shown between these two
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenetworks. Queries received from a host on the 192.168.1/24 network
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill prefer other addresses on that network to the 192.168.2/24
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce192.168.3/24 networks. Queries received from a host on the 192.168.4/24
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor the 192.168.5/24 network will only prefer other addresses on
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetheir directly connected networks.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce { localhost; // IF the local host
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce { localnets; // THEN first fit on the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following example will give reasonable behavior for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelocal host and hosts on directly connected networks. It is similar
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto the behavior of the address sort in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 4.9.x. Responses sent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto queries from the local host will favor any of the directly connected
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenetworks. Responses sent to queries from any other hosts on a directly
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconnected network will prefer addresses on that same network. Responses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto other queries will not be sorted.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce { localhost; localnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce { localnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="rrset_ordering"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.11. RRset Ordering</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When multiple records are returned in an answer it may be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuseful to configure the order of the records placed into the response.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example, the records for a zone might be configured always to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe returned in the order they are defined in the zone file. Or perhaps
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea random shuffle of the records as they are returned is wanted.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement permits configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the ordering made of the records in a multiple record response.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default, if no ordering is defined, is a cyclic ordering (round
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is defined as follows:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>class_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>type_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>"domain_name"</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If no class is specified, the default is <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf no type is specified, the default is <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf no name is specified, the default is "<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The legal values for <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Records are returned in the order they
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare defined in the zone file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Records are returned in some random order.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Records are returned in a round-robin
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce class IN type A name "host.example.com" order random;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce order cyclic;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will cause any responses for type A records in class IN that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>" as a suffix, to always be returned
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein random order. All other records are returned in cyclic order.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If multiple <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements appear,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethey are not combined-the last one applies.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is specified,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethen a default one of:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order { class ANY type ANY name "*" order cyclic ; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="synthesis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.12. Synthetic IPv6 responses</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Many existing stub resolvers support IPv6 DNS lookups as defined in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRFC1886, using AAAA records for forward lookups and "nibble labels" in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> domain for reverse lookups, but do not support
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRFC2874-style lookups (using A6 records and binary labels in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> domain).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For those who wish to continue to use such stub resolvers rather than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceswitching to the BIND 9 lightweight resolver, BIND 9 provides a way
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto automatically convert RFC1886-style lookups into
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRFC2874-style lookups and return the results as "synthetic" AAAA and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePTR records.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This feature is disabled by default and can be enabled on a per-client
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebasis by adding a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-v6-synthesis { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceclause to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce When it is enabled, recursive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceAAAA queries cause the server to first try an A6 lookup and if that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefails, an AAAA lookups. No matter which one succeeds, the results are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereturned as a set of synthetic AAAA records. Similarly, recursive PTR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequeries in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will cause a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelookup in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> using binary
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelabels, and if that fails, another lookup in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe results are returned as a synthetic PTR record in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The synthetic records have a TTL of zero. DNSSEC validation of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesynthetic responses is not currently supported; therefore responses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecontaining synthetic RRs will not have the AD flag set.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="tuning"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.13. Tuning</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Sets the number of seconds to cache a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelame server indication. 0 disables caching. (This is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> recommended.)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDefault is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> (10 minutes). Maximum value is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> (30 minutes).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>To reduce network traffic and increase performance
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server stores negative answers. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused to set a maximum retention time for these answers in the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein seconds. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> seconds (3 hours).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> cannot exceed 7 days and will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe silently truncated to 7 days if set to a greater value.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-cache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-cache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe maximum time for which the server will cache ordinary (positive)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceanswers. The default is one week (7 days).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>min-roots</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The minimum number of root servers that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis required for a request for the root servers to be accepted. Default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sig-validity-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies the number of days into the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefuture when DNSSEC signatures automatically generated as a result
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof dynamic updates (<A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch04.html#dynamic_update"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 4.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill expire. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> days. The signature
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinception time is unconditionally set to one hour before the current time
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto allow for a limited amount of clock skew.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>min-refresh-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-refresh-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>min-retry-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-retry-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> These options control the server's behavior on refreshing a zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(querying for SOA changes) or retrying failed transfers.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceUsually the SOA values for the zone are used, but these values
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare set by the master, giving slave server administrators little
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecontrol over their contents.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> These options allow the administrator to set a minimum and maximum
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerefresh and retry time either per-zone, per-view, or per-server.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThese options are valid for master, slave and stub zones,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand clamp the SOA refresh and retry times to the specified values.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="statsfile"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.14.14. The Statistics File</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The statistics file generated by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis similar, but not identical, to that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucegenerated by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The statistics dump begins with the line <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>+++ Statistics Dump
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce+++ (973798949)</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, where the number in parentheses is a standard
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceUnix-style timestamp, measured as seconds since January 1, 1970. Following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat line are a series of lines containing a counter type, the value of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecounter, optionally a zone name, and optionally a view name.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe lines without view and zone listed are global statistics for the entire server.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceLines with a zone and view name for the given view and zone (the view name is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceomitted for the default view). The statistics dump ends
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith the line <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>--- Statistics Dump --- (973798949)</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenumber is identical to the number in the beginning line.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following statistics counters are maintained:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The number of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesuccessful queries made to the server or zone. A successful query
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis defined as query which returns a NOERROR response other than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea referral response.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The number of queries which resulted
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein referral responses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The number of queries which resulted in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNOERROR responses with no data.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof queries which resulted in NXDOMAIN responses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>recursion</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The number of queries which caused the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto perform recursion in order to find the final answer.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The number of queries which resulted in a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefailure response other than those above.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="server_statement_grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric LuceCLASS="optional"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce> provide-ixfr <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> request-ixfr <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-format <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>( one-answer | many-answers )</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ string ; [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> string ; [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="server_statement_definition_and_usage"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement defines the characteristics
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be associated with a remote nameserver.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If you discover that a remote server is giving out bad data,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemarking it as bogus will prevent further queries to it. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause determines whether
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe local server, acting as master, will respond with an incremental
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone transfer when the given remote server, a slave, requests it.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, incremental transfer will be provided
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhenever possible. If set to <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, all transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto the remote server will be nonincremental. If not set, the value
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option in the global options block
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis used as a default.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>request-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause determines whether
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe local server, acting as a slave, will request incremental zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetransfers from the given remote server, a master. If not set, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevalue of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>request-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option in the global
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions block is used as a default.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>IXFR requests to servers that do not support IXFR will automatically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefall back to AXFR. Therefore, there is no need to manually list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich servers support IXFR and which ones do not; the global default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> should always work.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe purpose of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>request-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto make it possible to disable the use of IXFR even when both master
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand slave claim to support it, for example if one of the servers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis buggy and crashes or corrupts data when IXFR is used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server supports two zone transfer methods. The first, <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>one-answer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuses one DNS message per resource record transferred. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas many resource records as possible into a message. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemore efficient, but is only known to be understood by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 4.9.5. You can specify which method
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto use for a server with the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is not specified, the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement will be used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is used to limit the number of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconcurrent inbound zone transfers from the specified server. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause is specified, the limit is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceset according to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause is used to identify a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, to be used for transaction
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesecurity when talking to the remote server. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemust come before the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement that references
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceit. When a request is sent to the remote server, a request signature
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill be generated using the key specified here and appended to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemessage. A request originating from the remote server is not required
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be signed by this key.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Although the grammar of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceallows for multiple keys, only a single key per server is currently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesupported.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2795"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2811"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement defines DNSSEC
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesecurity roots. DNSSEC is described in <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 4.7</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. A security root is defined when the public key for a non-authoritative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone is known, but cannot be securely obtained through DNS, either
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebecause it is the DNS root zone or its parent zone is unsigned.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceOnce a key has been configured as a trusted key, it is treated as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif it had been validated and proven secure. The resolver attempts
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNSSEC validation on all DNS data in subdomains of a security root.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement can contain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemultiple key entries, each consisting of the key's domain name,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceflags, protocol, algorithm, and the base-64 representation of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2819"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce match-clients { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view_option</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> zone-statistics <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone_statement</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2833"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is a powerful new feature
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 that lets a name server answer a DNS query differently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedepending on who is asking. It is particularly useful for implementing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesplit DNS setups without having to run multiple servers.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement defines a view of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNS namespace that will be seen by those clients whose IP addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematch the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> of the view's <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>match-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce The order of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements is significant-a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceclient query will be resolved in the context of the first <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>match-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematches the client's IP address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zones defined within a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe only be accessible to clients that match the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce By defining a zone of the same name in multiple views, different
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone data can be given to different clients, for example, "internal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand "external" clients in a split DNS setup.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Many of the options given in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan also be used within a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, and then
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceapply only when resolving queries with that view. When no view-specific
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevalue is given, the value in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonis used as a default. Also, zone options can have default values specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement; these view-specific defaults
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetake precedence over those in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. </P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Views are class specific. If no class is given, class IN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis assumed. Note that all non-IN views must contain a hint zone,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesince only the IN class has compiled-in default hints.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If there are no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconfig file, a default view that matches any client is automatically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecreated in class IN, and any <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified on the top level of the configuration file are considered
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be part of this default view. If any explicit <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare present, all <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements must occur inside <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Here is an example of a typical split DNS setup implemented
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view "internal" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // This should match our internal networks.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce match-clients { 10.0.0.0/8; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Provide recursive service to internal clients only.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce recursion yes;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Provide a complete view of the example.com zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // including addresses of internal hosts.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceview "external" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce match-clients { any; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Refuse recursive service to external clients.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce recursion no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Provide a restricted view of the example.com zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // containing only publicly accessible hosts.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="zone_statement_grammar"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceStatement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type ( master | slave | hint | stub | forward ) ;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-notify { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> allow-query { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-transfer { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> allow-update { <TT
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> update-policy { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update_policy_rule</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] } ; </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-update-forwarding { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> also-notify { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> check-names (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dialup_option</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> forward (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> forwarders { [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] } ; </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> ixfr-base <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> ixfr-tmp-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> maintain-ixfr-base <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> masters [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] } ; </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-ixfr-log-size <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> transfer-source (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="constant"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-source-v6 (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> notify-source (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> notify-source-v6 (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> zone-statistics <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> sig-validity-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> database <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> min-refresh-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-refresh-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> min-retry-time <TT
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-retry-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2978"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN2981"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.22.1. Zone Types</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server has a master copy of the data
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the zone and will be able to provide authoritative answers for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A slave zone is a replica of a master
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> list specifies one or more IP addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof master servers that the slave contacts to update its copy of the zone.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceBy default, transfers are made from port 53 on the servers; this can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe changed for all servers by specifying a port number before the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist of IP addresses, or on a per-server basis after the IP address.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceAuthentication to the master can also be done with per-server TSIG keys.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf a file is specified, then the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereplica will be written to this file whenever the zone is changed,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand reloaded from this file on a server restart. Use of a file is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerecommended, since it often speeds server start-up and eliminates
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea needless waste of bandwidth. Note that for large numbers (in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetens or hundreds of thousands) of zones per server, it is best to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuse a two level naming scheme for zone file names. For example,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea slave server for the zone <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> might place
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe zone contents into a file called
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucejust the first two letters of the zone name. (Most operating systems
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebehave very slowly if you put 100K files into a single directory.)</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A stub zone is similar to a slave zone,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexcept that it replicates only the NS records of a master zone instead
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the entire zone. Stub zones are not a standard part of the DNS;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethey are a feature specific to the <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> implementation.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Stub zones can be used to eliminate the need for glue NS record
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein a parent zone at the expense of maintaining a stub zone entry and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea set of name server addresses in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis usage is not recommended for new configurations, and BIND 9
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesupports it only in a limited way.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 4/8, zone transfers of a parent zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceincluded the NS records from stub children of that zone. This meant
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat, in some cases, users could get away with configuring child stubs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly in the master server for the parent zone. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce9 never mixes together zone data from different zones in this
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceway. Therefore, if a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 master serving a parent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone has child stub zones configured, all the slave servers for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceparent zone also need to have the same child stub zones
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconfigured.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Stub zones can also be used as a way of forcing the resolution
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof a given domain to use a particular set of authoritative servers.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example, the caching name servers on a private network using
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRFC2157 addressing may be configured with stub zones for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto use a set of internal name servers as the authoritative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservers for that domain.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A "forward zone" is a way to configure
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceforwarding on a per-domain basis. A <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> can contain a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich will apply to queries within the domain given by the zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename. If no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is present or
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean empty list for <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is given, then no
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceforwarding will be done for the domain, cancelling the effects of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceany forwarders in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. Thus
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif you want to use this type of zone to change the behavior of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option (that is, "forward first
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto", then "forward only", or vice versa, but want to use the same
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservers as set globally) you need to respecify the global forwarders.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The initial set of root nameservers is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified using a "hint zone". When the server starts up, it uses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe root hints to find a root nameserver and get the most recent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist of root nameservers. If no hint zone is specified for class
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIN, the server uses a compiled-in default set of root servers hints.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceClasses other than IN have no built-in defaults hints.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3038"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.22.2. Class</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The zone's name may optionally be followed by a class. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea class is not specified, class <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Internet</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis assumed. This is correct for the vast majority of cases.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenamed for an information service from MIT's Project Athena. It is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused to share information about various systems databases, such
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas users, groups, printers and so on. The keyword
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea synonym for hesiod.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Another MIT development is CHAOSnet, a LAN protocol created
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the mid-1970s. Zone data for it can be specified with the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3048"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.22.3. Zone Options</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#access_control"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.3</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#access_control"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.3</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#access_control"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.3</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesubmit Dynamic DNS updates for master zones. The default is to deny
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceupdates from all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies a "Simple Secure Update" policy. See
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#dynamic_update_policies"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.22.4</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update-forwarding</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesubmit Dynamic DNS updates to slave zones to be forwarded to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemaster. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ none; }</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemeans that no update forwarding will be performed. To enable
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceupdate forwarding, specify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update-forwarding { any; };</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSpecifying values other than <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ none; }</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is usually counterproductive, since
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe responsibility for update access control should rest with the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemaster server, not the slaves.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Note that enabling the update forwarding feature on a slave server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay expose master servers relying on insecure IP address based
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaccess control to attacks; see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch07.html#dynamic_update_security"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 7.3</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor more details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Only meaningful if <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceactive for this zone. The set of machines that will receive a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>DNS NOTIFY</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor this zone is made up of all the listed nameservers (other than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe primary master) for the zone plus any IP addresses specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. A port may be specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> address to send the notify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemessages to a port other than the default of 53.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is not meaningful for stub zones.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is the empty list.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>check-names</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> This option was used in BIND 8 to restrict the character set of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedomain names in master files and/or DNS responses received from the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenetowrk. BIND 9 does not restrict the character set of domain names
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand does not implement the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>check-names</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specify the type of database to be used for storing the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone data. The string following the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis interpreted as a list of whitespace-delimited words. The first word
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceidentifies the database type, and any subsequent words are passed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas arguments to the database to be interpreted in a way specific
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto the database type.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, BIND 9's native in-memory
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucered-black-tree database. This database does not take arguments.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Other values are possible if additional database drivers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehave been linked into the server. Some sample drivers are included
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith the distribution but none are linked in by default.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#boolean_options"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Only meaningful if the zone has a forwarders
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> value causes the lookup to fail
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceafter trying the forwarders and getting no answer, while <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceallow a normal lookup to be tried.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Used to override the list of global forwarders.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf it is not specified in a zone of type <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceno forwarding is done for the zone; the global options are not used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ixfr-base</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 to specify the name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the transaction log (journal) file for dynamic update and IXFR.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 ignores the option and constructs the name of the journal
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefile by appending ".<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>" to the name of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone file.</P
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>max-transfer-time-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#boolean_options"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8, this option was intended for specifying
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea public zone key for verification of signatures in DNSSEC signed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezones when they are loaded from disk. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 does not verify signatures
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon loading and ignores the option.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone-statistics</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, the server will keep statistical
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinformation for this zone, which can be dumped to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> defined in the server options.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sig-validity-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sig-validity-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.13</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>notify-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>min-refresh-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-refresh-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>min-retry-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-retry-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> See the description in <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.13</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="dynamic_update_policies"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.22.4. Dynamic Update Policies</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 supports two alternative methods of granting clients
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe right to perform dynamic updates to a zone,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconfigured by the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option, respectively.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause works the same
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceway as in previous versions of <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. It grants given clients the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepermission to update any record of any name in the zone.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause is new in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce9 and allows more fine-grained control over what updates are allowed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceA set of rules is specified, where each rule either grants or denies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepermissions for one or more names to be updated by one or more identities.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce If the dynamic update request message is signed (that is, it includes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeither a TSIG or SIG(0) record), the identity of the signer can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe determined.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Rules are specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoption, and are only meaningful for master zones. When the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis present, it is a configuration error for the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be present. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexamines the signer of a message; the source address is not relevant.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This is how a rule definition looks:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Each rule grants or denies privileges. Once a message has
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesuccessfully matched a rule, the operation is immediately granted
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor denied and no further rules are examined. A rule is matched
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhen the signer matches the identity field, the name matches the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename field, and the type is specified in the type field.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The identity field specifies a name or a wildcard name. The
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenametype field has 4 values: <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>subdomain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>wildcard</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesame as the name in the name field.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>subdomain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is a subdomain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the name in the name field (which includes the name itself).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>wildcard</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is a valid
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexpansion of the wildcard name in the name field.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesame as the message signer. The name field is ignored.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If no types are specified, the rule matches all types except
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSIG, NS, SOA, and NXT. Types may be specified by name, including
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce"ANY" (ANY matches all types except NXT, which can never be updated).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3305"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3. Zone File</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="types_of_resource_records_and_when_to_use_them"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.1. Types of Resource Records and When to Use Them</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This section, largely borrowed from RFC 1034, describes the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconcept of a Resource Record (RR) and explains when each is used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSince the publication of RFC 1034, several new RRs have been identified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand implemented in the DNS. These are also included.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3310"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.1.1. Resource Records</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A domain name identifies a node. Each node has a set of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce resource information, which may be empty. The set of resource
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce information associated with a particular name is composed of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce separate RRs. The order of RRs in a set is not significant and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce need not be preserved by nameservers, resolvers, or other
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce parts of the DNS. However, sorting of multiple RRs is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce permitted for optimization purposes, for example, to specify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce that a particular nearby server be tried first. See <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#the_sortlist_statement"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.10</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#rrset_ordering"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.14.11</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The components of a Resource Record are:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>owner name</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the domain name where the RR is found.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an encoded 16 bit value that specifies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe type of the resource in this resource record. Types refer to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceabstract resources.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the time to live of the RR. This field
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis a 32 bit integer in units of seconds, and is primarily used by
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresolvers when they cache RRs. The TTL describes how long a RR can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe cached before it should be discarded.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an encoded 16 bit value that identifies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea protocol family or instance of a protocol.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the type and sometimes class-dependent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedata that describes the resource.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following are <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> of valid RRs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(some of these listed, although not obsolete, are experimental (x)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor historical (h) and no longer in general use):</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a host address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an IPv6 address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Obsolete format of IPv6 address</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) location of AFS database servers.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceExperimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies the canonical name of an alias.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>for delegation of reverse addresses.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceReplaces the domain name specified with another name to be looked
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceup. Described in RFC 2672.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies the CPU and OS used by a host.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) representation of ISDN addresses.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceExperimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>stores a public key associated with a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) for storing GPS info. See RFC 1876.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceExperimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies a mail exchange for the domain.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce See RFC 974 for details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the authoritative nameserver for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>used in DNSSEC to securely indicate that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRRs with an owner name in a certain name interval do not exist in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea zone and indicate what RR types are present for an existing name.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSee RFC 2535 for details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a pointer to another part of the domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename space.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) information on persons responsible
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the domain. Experimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) route-through binding for hosts that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedo not have their own direct wide area network addresses. Experimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>("signature") contains data authenticated
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the secure DNS. See RFC 2535 for details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies the start of a zone of authority.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>information about well known network
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservices (replaces WKS).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(h) information about which well known
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenetwork services, such as SMTP, that a domain supports. Historical,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereplaced by newer RR SRV.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) representation of X.25 network addresses. Experimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> of resource records
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare currently valid in the DNS:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the Internet system.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For information about other,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceolder classes of RRs, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch09.html#classes_of_resource_records"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section A.2.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the type-dependent or class-dependent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedata that describes the resource:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>for the IN class, a 32 bit IP address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>maps a domain name to an IPv6 address,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith a provision for indirection for leading "prefix" bits.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a domain name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provides alternate naming to an entire
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesubtree of the domain name space, rather than to a single node.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce It causes some suffix of a queried name to be substituted with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea name from the DNAME record's RDATA.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a 16 bit preference value (lower is better)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefollowed by a host name willing to act as a mail exchange for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceowner domain.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a fully qualified domain name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a fully qualified domain name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>several fields.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The owner name is often implicit, rather than forming an integral
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepart of the RR. For example, many nameservers internally form tree
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor hash structures for the name space, and chain RRs off nodes.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce The remaining RR parts are the fixed header (type, class, TTL)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich is consistent for all RRs, and a variable part (RDATA) that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefits the needs of the resource being described.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The meaning of the TTL field is a time limit on how long an
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRR can be kept in a cache. This limit does not apply to authoritative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedata in zones; it is also timed out, but by the refreshing policies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the zone. The TTL is assigned by the administrator for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone where the data originates. While short TTLs can be used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceminimize caching, and a zero TTL prohibits caching, the realities
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof Internet performance suggest that these times should be on the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceorder of days for the typical host. If a change can be anticipated,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe TTL can be reduced prior to the change to minimize inconsistency
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceduring the change, and then increased back to its former value following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe change.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The data in the RDATA section of RRs is carried as a combination
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof binary strings and domain names. The domain names are frequently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused as "pointers" to other data in the DNS.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3524"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.1.2. Textual expression of RRs</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>RRs are represented in binary form in the packets of the DNS
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprotocol, and are usually represented in highly encoded form when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestored in a nameserver or resolver. In the examples provided in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRFC 1034, a style similar to that used in master files was employed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein order to show the contents of RRs. In this format, most RRs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare shown on a single line, although continuation lines are possible
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusing parentheses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The start of the line gives the owner of the RR. If a line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebegins with a blank, then the owner is assumed to be the same as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat of the previous RR. Blank lines are often included for readability.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Following the owner, we list the TTL, type, and class of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRR. Class and type use the mnemonics defined above, and TTL is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean integer before the type field. In order to avoid ambiguity in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceparsing, type and class mnemonics are disjoint, TTLs are integers,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the type mnemonic is always last. The IN class and TTL values
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare often omitted from examples in the interests of clarity.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The resource data or RDATA section of the RR are given using
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceknowledge of the typical representation for the data.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example, we might show the RRs carried in a message as:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>128.9.0.32</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.1.0.52</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.2.0.27</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>128.9.0.33</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The MX RRs have an RDATA section which consists of a 16 bit
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenumber followed by a domain name. The address RRs use a standard
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIP address format to contain a 32 bit internet address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This example shows six RRs, with two RRs at each of three
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedomain names.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Similarly we might see:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.0.0.44</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This example shows two addresses for <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeach of a different class.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3625"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.2. Discussion of MX Records</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>As described above, domain servers store information as a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceseries of resource records, each of which contains a particular
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepiece of information about a given domain name (which is usually,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebut not always, a host). The simplest way to think of a RR is as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea typed pair of datum, a domain name matched with relevant data,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand stored with some additional type information to help systems determine
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhen the RR is relevant.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>MX records are used to control delivery of email. The data
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified in the record is a priority and a domain name. The priority
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecontrols the order in which email delivery is attempted, with the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelowest number first. If two priorities are the same, a server is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechosen randomly. If no servers at a given priority are responding,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe mail transport agent will fall back to the next largest priority.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePriority numbers do not have any absolute meaning — they are relevant
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly respective to other MX records for that domain name. The domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename given is the machine to which the mail will be delivered. It <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean associated A record — CNAME is not sufficient.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For a given domain, if there is both a CNAME record and an
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceMX record, the MX record is in error, and will be ignored. Instead,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe mail will be delivered to the server specified in the MX record
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepointed to by the CNAME.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.0.0.1</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.0.0.2</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Mail delivery will be attempted to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceany order), and if neither of those succeed, delivery to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe attempted.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="Setting_TTLs"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.3. Setting TTLs</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The time to live of the RR field is a 32 bit integer represented
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein units of seconds, and is primarily used by resolvers when they
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecache RRs. The TTL describes how long a RR can be cached before it
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshould be discarded. The following three types of TTL are currently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused in a zone file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The last field in the SOA is the negative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecaching TTL. This controls how long other servers will cache no-such-domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(NXDOMAIN) responses from you.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum time for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenegative caching is 3 hours (3h).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The $TTL directive at the top of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone file (before the SOA) gives a default TTL for every RR without
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea specific TTL set.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Each RR can have a TTL as the second
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefield in the RR, which will control how long other servers can cache
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>All of these TTLs default to units of seconds, though units
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan be explicitly specified, for example, <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3746"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.4. Inverse Mapping in IPv4</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Reverse name resolution (that is, translation from IP address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto name) is achieved by means of the <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand PTR records. Entries in the in-addr.arpa domain are made in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceleast-to-most significant order, read left to right. This is the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceopposite order to the way IP addresses are usually written. Thus,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea machine with an IP address of 10.1.2.3 would have a corresponding
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce3.2.1.10.in-addr.arpa. This name should have a PTR resource record
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhose data field is the name of the machine or, optionally, multiple
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePTR records if the machine has more than one name. For example,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] domain:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> lines in the examples
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare for providing context to the examples only-they do not necessarily
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceappear in the actual usage. They are only used here to indicate
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat the example is relative to the listed origin.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3773"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5. Other Zone File Directives</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The Master File Format was initially defined in RFC 1035 and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehas subsequently been extended. While the Master File Format itself
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis class independent all records in a Master File must be of the same
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Master File Directives include <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3780"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5.1. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain-name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> sets the domain name that will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe appended to any unqualified records. When a zone is first read
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein there is an implicit <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone-name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is appended to the domain specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> argument if it is not absolute.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWWW CNAME MAIN-SERVER</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>is equivalent to</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>WWW.EXAMPLE.COM CNAME MAIN-SERVER.EXAMPLE.COM.</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3800"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5.2. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Read and process the file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>filename</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif it were included into the file at this point. If <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified the file is processed with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto that value, otherwise the current <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The origin and the current domain name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerevert to the values they had prior to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe file has been read.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRFC 1035 specifies that the current origin should be restored after
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, but it is silent on whether the current
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedomain name should also be restored. BIND 9 restores both of them.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis could be construed as a deviation from RFC 1035, a feature, or both.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3820"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5.3. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default-ttl</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Set the default Time To Live (TTL) for subsequent records
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith undefined TTLs. Valid TTLs are of the range 0-2147483647 seconds.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is defined in RFC 2308.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="AEN3831"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.6. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Master File Extension: the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is used to create a series of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresource records that only differ from each other by an iterator. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe used to easily generate the sets of records required to support
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesub /24 reverse delegations described in RFC 2317: Classless IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedelegation.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce$GENERATE 1-2 0 NS SERVER$.EXAMPLE.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce$GENERATE 1-127 $ CNAME $.0</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>is equivalent to</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce1.0.0.192.IN-ADDR.ARPA CNAME 1.0.0.0.192.IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2.0.0.192.IN-ADDR.ARPA CNAME 2.0.0.0.192.IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce127.0.0.192.IN-ADDR.ARPA CNAME 127.0.0.0.192.IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="3"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This can be one of two forms: start-stop
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor start-stop/step. If the first form is used then step is set to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce 1. All of start, stop and step must be positive.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> describes the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceowner name of the resource records to be created. Any single <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewithin the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> side are replaced by the iterator
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTo get a $ in the output you need to escape the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusing a backslash <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> may optionally be followed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceby modifiers which change the offset from the interator, field width and base.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceModifiers are introduced by a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> immediately following the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>${offset[,width[,base]]}</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>${-20,3,d}</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> which subtracts 20 from the current value,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprints the result as a decimal in a zero padded field of with 3. Available
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoutput forms are decimal (<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>), octal (<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand hexadecimal (<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> for uppercase).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default modifier is <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceabsolute, the current <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is appended to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For compatability with earlier versions <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonrecognised a indicating a literal $ in the output.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>At present the only supported types are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePTR, CNAME, DNAME, A, AAAA and NS.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rhs is a domain name. It is processed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesimilarly to lhs.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> directive is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand not part of the standard zone file format.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="NAVFOOTER"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLSPACING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 Lightweight Resolver</TD
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 Security Considerations</TD