Bv9ARM.ch06.html revision 4e99bcb0603f3270ff89323d149a1fbc668e7da0
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND 9 Configuration Reference</TITLE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="GENERATOR"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCONTENT="Modular DocBook HTML Stylesheet Version 1.61
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTITLE="BIND 9 Administrator Reference Manual"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinREL="PREVIOUS"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTITLE="The BIND 9 Lightweight Resolver"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTITLE="BIND 9 Security Considerations"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="chapter"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinBGCOLOR="#FFFFFF"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTEXT="#000000"
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark AndrewsLINK="#0000FF"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVLINK="#840084"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALINK="#0000FF"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="NAVHEADER"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="0"
71c66a876ecca77923638d3f94cc0783152b2f03Mark AndrewsCELLSPACING="0"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="center"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND 9 Administrator Reference Manual</TH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="bottom"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="center"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="bottom"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="right"
e4a70b8fdfc5d2db2d992d884327a1e1fec67a07Tinderbox UserVALIGN="bottom"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="chapter"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox User>Chapter 6. <SPAN
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 Configuration Reference</A
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater>Table of Contents</B
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserHREF="Bv9ARM.ch06.html#configuration_file_elements"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>Configuration File Elements</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox User>Configuration File Grammar</A
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="acronym"
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews> 9 configuration is broadly similar to <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthere are a few new areas of configuration, such as views. <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews8.x configuration files should work with few alterations in <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein9, although more complex configurations should be reviewed to check
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinif they can be more efficiently implemented using the new features
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrewsfound in <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 4 configuration files can be converted to the new format
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinusing the shell script
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="configuration_file_elements"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.1. Configuration File Elements</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Following is a list of elements used throughout the <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> configuration
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfile documentation:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1115"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>acl_name</TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>The name of an <TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="varname"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>address_match_list</TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsdefined by the <B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> statement.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</TT
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterVALIGN="MIDDLE"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>A list of one or more <TT
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="varname"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="varname"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="varname"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>acl_name</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> elements, see
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#address_match_lists"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.1.1</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>domain_name</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>A quoted string which will be used as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina DNS name, for example "<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
ceeb18e6907a10547859faa340ecad83bedae90cMark AndrewsVALIGN="MIDDLE"
ceeb18e6907a10547859faa340ecad83bedae90cMark AndrewsCLASS="varname"
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews>dotted_decimal</TT
ceeb18e6907a10547859faa340ecad83bedae90cMark AndrewsVALIGN="MIDDLE"
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews>One or more integers valued 0 through
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein255 separated only by dots (`.'), such as <B
ceeb18e6907a10547859faa340ecad83bedae90cMark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>89.123.45.67</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserVALIGN="MIDDLE"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>An IPv4 address with exactly four elements
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="varname"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>dotted_decimal</TT
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User> notation.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews>ip6_addr</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>An IPv6 address, such as <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>fe80::200:f8ff:fe01:9742</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
ceeb18e6907a10547859faa340ecad83bedae90cMark AndrewsVALIGN="MIDDLE"
ceeb18e6907a10547859faa340ecad83bedae90cMark AndrewsCLASS="varname"
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews>ip4_addr</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>ip6_addr</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>An IP port <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is limited to 0 through 65535, with values
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbelow 1024 typically restricted to root-owned processes. In some
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincases an asterisk (`*') character can be used as a placeholder to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinselect a random high-numbered port.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>ip_prefix</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>An IP network specified as an <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfollowed by a slash (`/') and then the number of bits in the netmask.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTrailing zeros in a <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterFor example, <B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater> is the network <B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater> with netmask <B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater>255.255.255.240</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="varname"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>domain_name</TT
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User> representing
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox Userthe name of a shared key, to be used for transaction security.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="varname"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>key_list</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User>A list of one or more <TT
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="varname"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox Userseparated by semicolons and ending with a semicolon.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>A non-negative integer with an entire
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinrange limited by the range of a C language signed integer (2,147,483,647
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinon a machine with 32 bit integers). Its acceptable value might further
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbe limited by the context in which it is used.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>A quoted string which will be used as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina pathname, such as <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
e4a70b8fdfc5d2db2d992d884327a1e1fec67a07Tinderbox UserCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>size_spec</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>A number, the word <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>unlimited</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinor the word <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
4556ad3a270bf049b3225433a402666aaffe3c36Mark AndrewsCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>size_spec</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is that of unsigned long integers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinon the machine. An <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>unlimited</TT
4556ad3a270bf049b3225433a402666aaffe3c36Mark AndrewsCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>size_spec</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> requests unlimited
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinuse, or the maximum available amount. A <TT
4556ad3a270bf049b3225433a402666aaffe3c36Mark AndrewsCLASS="varname"
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews>default size_spec</TT
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrewsthe limit that was in force when the server was started.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoptionally be followed by a scaling factor: <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="userinput"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewskilobytes, <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
4556ad3a270bf049b3225433a402666aaffe3c36Mark AndrewsCLASS="userinput"
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrewsmegabytes, and <TT
4556ad3a270bf049b3225433a402666aaffe3c36Mark AndrewsCLASS="userinput"
4556ad3a270bf049b3225433a402666aaffe3c36Mark AndrewsCLASS="userinput"
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews> for gigabytes,
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrewswhich scale by 1024, 1024*1024, and 1024*1024*1024 respectively.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstorage overflow is currently silently ignored during conversion
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof scaled values, resulting in values less than intended, possibly
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeineven negative. Using <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
e4a70b8fdfc5d2db2d992d884327a1e1fec67a07Tinderbox User>unlimited</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is the best way
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrewsto safely set a really large number.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews>yes_or_no</TT
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe words <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinalso accepted, as are the numbers <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dialup_option</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>notify-passive</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinWhen used in a zone, <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>notify-passive</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinare restricted to slave and stub zones.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="address_match_lists"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.1.1. Address Match Lists</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1278"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.1.1.1. Syntax</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> = address_match_list_element ;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> address_match_list_element; ... </SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list_element</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>] (ip_address [<SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>/length</SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein key key_id | acl_name | { address_match_list } )
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1286"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.1.1.2. Definition and Usage</A
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews>Address match lists are primarily used to determine access
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincontrol for various server operations. They are also used to define
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpriorities for querying other nameservers and to set the addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> will listen for queries. The elements
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwhich constitute an address match list can be any of the following:</P
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater>an IP address (IPv4 or IPv6)</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>an IP prefix (in the `/'-notation)</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>a key ID, as defined by the key statement</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>the name of an address match list previously defined with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
c6d486af36165da7eb970354981d145249e342e4Mark Andrews> statement</P
c6d486af36165da7eb970354981d145249e342e4Mark Andrews>a nested address match list enclosed in braces</P
c6d486af36165da7eb970354981d145249e342e4Mark Andrews>Elements can be negated with a leading exclamation mark (`!')
c6d486af36165da7eb970354981d145249e342e4Mark Andrewsand the match list names "any," "none," "localhost" and "localnets"
c6d486af36165da7eb970354981d145249e342e4Mark Andrewsare predefined. More information on those names can be found in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe description of the acl statement.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The addition of the key clause made the name of this syntactic
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinelement something of a misnomer, since security keys can be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto validate access without regard to a host or network address. Nonetheless,
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updaterthe term "address match list" is still used throughout the documentation.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>When a given IP address or prefix is compared to an address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmatch list, the list is traversed in order until an element matches.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe interpretation of a match depends on whether the list is being used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfor access control, defining listen-on ports, or as a topology,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand whether the element was negated.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>When used as an access control list, a non-negated match allows
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinaccess and a negated match denies access. If there is no match,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinaccess is denied. The clauses <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-notify</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>allow-query</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>allow-transfer</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>allow-update</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinuse address match lists this. Similarly, the listen-on option will cause
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe server to not accept queries on any of the machine's addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwhich do not match the list.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>When used with the topology clause, a non-negated match returns
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina distance based on its position on the list (the closer the match
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis to the start of the list, the shorter the distance is between
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinit and the server). A negated match will be assigned the maximum
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindistance from the server. If there is no match, the address will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinget a distance which is further than any non-negated list element,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand closer than any negated element.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Because of the first-match aspect of the algorithm, an element
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthat defines a subset of another element in the list should come
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbefore the broader element, regardless of whether either is negated. For
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> the 1.2.3.13 element is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincompletely useless because the algorithm will match any lookup for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthat problem by having 1.2.3.13 blocked by the negation but all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinother 1.2.3.* hosts fall through.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1315"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.1.2. Comment Syntax</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 comment syntax allows for comments to appear
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein anywhere that white space may appear in a <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> configuration
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews file. To appeal to programmers of all kinds, they can be written
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1320"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.1.2.1. Syntax</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>/* This is a <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> comment as in C */</PRE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>// This is a <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> comment as in C++</PRE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein># This is a <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> comment as in common UNIX shells and perl</PRE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserNAME="AEN1329"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox User>6.1.2.2. Definition and Usage</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Comments may appear anywhere that whitespace may appear in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> configuration file.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>C-style comments start with the two characters /* (slash,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstar) and end with */ (star, slash). Because they are completely
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindelimited with these characters, they can be used to comment only
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox Usera portion of a line or to span multiple lines.</P
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox User>C-style comments cannot be nested. For example, the following
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis not valid because the entire comment ends with the first */:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>/* This is the start of a comment.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is still part of the comment.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein/* This is an incorrect attempt at nesting a comment. */
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is no longer in any comment. */
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>C++-style comments start with the two characters // (slash,
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox Userslash) and continue to the end of the physical line. They cannot
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox Userbe continued across multiple physical lines; to have one logical
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox Usercomment span multiple lines, each line must use the // pair.</P
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>For example:</P
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="programlisting"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>// This is the start of a comment. The next line
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User// is a new comment, even though it is logically
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User// part of the previous comment.
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>Shell-style (or perl-style, if you prefer) comments start
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox Userwith the character <TT
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="literal"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User> (number sign) and continue to the end of the
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox Userphysical line, as in C++ comments.</P
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>For example:</P
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="programlisting"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User># This is the start of a comment. The next line
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User# is a new comment, even though it is logically
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User# part of the previous comment.
02bd0d97b8e0193e229b16446b65bdb4c84ce33eTinderbox UserCLASS="warning"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="warning"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserALIGN="CENTER"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>WARNING: you cannot use the semicolon (`;') character
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User to start a comment such as you would in a zone file. The
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User semicolon indicates the end of a configuration
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User statement.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="Configuration_File_Grammar"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2. Configuration File Grammar</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 configuration consists of statements and comments.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Statements end with a semicolon. Statements and comments are the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein only elements that can appear without enclosing braces. Many
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein statements contain a block of substatements, which are also
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein terminated with a semicolon.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The following statements are supported:</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="informaltable"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN1353"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews>defines a named IP address
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsmatching list, for access control and other uses.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>declares control channels to be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> utility.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>includes a file.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>specifies key information for use in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinauthentication and authorization using TSIG.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>specifies what the server logs, and where
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe log messages are sent.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox User>controls global server configuration
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoptions and sets defaults for other statements.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>sets certain configuration options on
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina per-server basis.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
7329012471d165cd3dc4180ad2a0a43de91e7f01Mark Andrews>trusted-keys</B
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark AndrewsVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>defines trusted DNSSEC keys.</P
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserVALIGN="MIDDLE"
cf3f55777b86527d5b00bb39d661c5fe6f9625f2Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>defines a view.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>defines a zone.</P
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statements may only occur once per
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews configuration.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1422"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox User> Statement Grammar</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein address_match_list
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Statement Definition and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement assigns a symbolic
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein name to an address match list. It gets its name from a primary
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein use of address match lists: Access Control Lists (ACLs).</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Note that an address match list's name must be defined
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="command"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews> before it can be used elsewhere; no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein forward references are allowed.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The following ACLs are built-in:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1435"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches no hosts.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>localhost</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches the IPv4 addresses of all network
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeininterfaces on the system.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>localnets</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches any host on an IPv4 network for which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe system has an interface.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>localhost</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>localnets</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinACLs do not currently support IPv6 (that is,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>localhost</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> does not match the host's IPv6 addresses,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>localnets</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> does not match the host's attached
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIPv6 networks) due to the lack of a standard method of determining the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincomplete set of local IPv6 addresses for a host.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1469"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater> Statement Grammar</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein inet ( ip_addr | * ) [<SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> port ip_port </SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>] allow { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> address_match_list </I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> key_list </I
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="optional"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater> inet ...; </SPAN
7c0ebe385b36d64c2424dd5a3e62d441c08e7037Andreas GustafssonNAME="controls_statement_definition_and_usage"
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="command"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater> Statement Definition and Usage</A
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater> statement declares control
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce channels to be used by system administrators to affect the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein operation of the local nameserver. These control channels are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein used by the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> utility to send commands to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and retrieve non-DNS results from a nameserver.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein socket accessible to the Internet, created at the specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> on the specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. If no port is specified, port 953
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is used by default. "*" cannot be used for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The ability to issue commands over the control channel is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein restricted by the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> clauses. Connections to the control
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein channel are permitted based on the address permissions in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein members of the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce ignored, and instead are interpreted independently based the
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> is allowed to be used to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein authenticate commands and responses given over the control
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein channel by digitally signing each message between the server and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a command client (See <A
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews>Remote Name Daemon Control application</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch03.html#admin_tools"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 3.4.1.2</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>). All commands to the control channel
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein must be signed by one of its specified keys to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be honored.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> If no <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement is present,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> will set up a default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincontrol channel listening on the loopback address 127.0.0.1
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand its IPv6 counterpart ::1.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIn this case, and also when the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis present but does not have a <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> will attempt to load the command channel key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfrom the file <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> (or whatever <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>sysconfdir</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwas specified as when <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> was built).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTo create a <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>rndc-confgen -a</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> feature was created to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ease the transition of systems from <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein which did not have digital signatures on its command channel messages
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and thus did not have a <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIt makes it possible to use an existing <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinconfiguration file in <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 unchanged,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand still have <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> work the same way
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> worked in BIND 8, simply by executing the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>rndc-keygen -a</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> after BIND 9 is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Since the <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is only intended to allow the backward-compatible usage of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 8 configuration files, this feature does not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein have a high degree of configurability. You cannot easily change
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the key name or the size of the secret, so you should make a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> with your own key if you wish to change
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein those things. The <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> file also has its
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein permissions set such that only the owner of the file (the user that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is running as) can access it. If you
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater desire greater flexibility in allowing other users to access
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> commands then you need to create an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> and make it group readable by a group
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein that contains the users who should have access.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The UNIX control channel type of <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 8 is not supported
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9, and is not expected to be added in future
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein releases. If it is present in the controls statement from a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 8 configuration file, it is ignored
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and a warning is logged.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1533"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Statement Grammar</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1538"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
47b6d855e3a569e46ec2481dd1abb62e99752817Mark Andrews> Statement Definition and Usage</A
64affc54f96a2c71cbd10ed71e246ce0746259aaAutomatic UpdaterCLASS="command"
64affc54f96a2c71cbd10ed71e246ce0746259aaAutomatic Updater> statement inserts the
64affc54f96a2c71cbd10ed71e246ce0746259aaAutomatic Updater specified file at the point that the <B
64affc54f96a2c71cbd10ed71e246ce0746259aaAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein statement is encountered. The <B
3c9cf7efb97991f9871bc5633e7ed1cae0932a37Automatic UpdaterCLASS="command"
3c9cf7efb97991f9871bc5633e7ed1cae0932a37Automatic Updater statement facilitates the administration of configuration files
3c9cf7efb97991f9871bc5633e7ed1cae0932a37Automatic Updater by permitting the reading or writing of some things but not
3c9cf7efb97991f9871bc5633e7ed1cae0932a37Automatic Updater others. For example, the statement could include private keys
3c9cf7efb97991f9871bc5633e7ed1cae0932a37Automatic Updater that are readable only by a nameserver.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1545"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater> Statement Grammar</A
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="programlisting"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein algorithm <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1552"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Statement Definition and Usage</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement defines a shared
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsecret key for use with TSIG, see <A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 4.4</A
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCLASS="command"
c96e7744e0da3accf075c966f9a3f0f8e50a2cf4Tinderbox User> statement can occur at the top level
c96e7744e0da3accf075c966f9a3f0f8e50a2cf4Tinderbox Userof the configuration file or inside a <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrewsstatement. Keys defined in top-level <B
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark AndrewsCLASS="command"
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrewsstatements can be used in all views. Keys intended for use in
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark AndrewsCLASS="command"
12351e0500dff39f56844401fd191a36bcc4a7adMark AndrewsHREF="Bv9ARM.ch06.html#controls_statement_definition_and_usage"
12351e0500dff39f56844401fd191a36bcc4a7adMark Andrews>Section 6.2.4</A
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrewsmust be defined at the top level.
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark AndrewsCLASS="replaceable"
12351e0500dff39f56844401fd191a36bcc4a7adMark Andrews>, also known as the
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrewskey name, is a domain name uniquely identifying the key. It can
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrewsbe used in a "server" statement to cause requests sent to that
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updaterserver to be signed with this key, or in address match lists to
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrewsverify that incoming requests have been signed with a key
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrewsmatching this name, algorithm, and secret.</P
12351e0500dff39f56844401fd191a36bcc4a7adMark AndrewsCLASS="replaceable"
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrews>algorithm_id</I
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrews> is a string
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updaterthat specifies a security/authentication algorithm. The only
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updateralgorithm currently supported with TSIG authentication is
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterCLASS="literal"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterCLASS="replaceable"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater>secret_string</I
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater> is the secret to be
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updaterused by the algorithm, and is treated as a base-64 encoded
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserNAME="AEN1570"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> Statement Grammar</A
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="programlisting"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="replaceable"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>channel_name</I
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="literal"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="replaceable"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater>syslog_facility</I
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>print-category</B
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>print-severity</B
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>category_name</I
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>channel_name</I
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="replaceable"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>channel_nam</I
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater> Statement Definition and Usage</A
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater> statement configures a wide
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updatervariety of logging options for the nameserver. Its <B
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterassociates output methods, format options and severity levels with
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updatera name that can then be used with the <B
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterto select how various classes of messages are logged.</P
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater> statement is used to define
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updateras many channels and categories as are wanted. If there is no <B
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterthe logging configuration will be:</P
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="programlisting"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater category "unmatched" { "null"; };
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater category "default" { "default_syslog"; "default_debug"; };
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="acronym"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater> 9, the logging configuration is only established when
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterthe entire configuration file has been parsed. In <SPAN
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="acronym"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterestablished as soon as the <B
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterwas parsed. When the server is starting up, all logging messages
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterregarding syntax errors in the configuration file go to the default
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterchannels, or to standard error if the "<TT
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterwas specified.</P
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>6.2.10.1. The <B
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>All log output goes to one or more <I
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="emphasis"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updateryou can make as many of them as you want.</P
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>Every channel definition must include a destination clause that
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updatersays whether messages selected for the channel go to a file, to a
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterparticular syslog facility, to the standard error stream, or are
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterdiscarded. It can optionally also limit the message severity level
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updaterthat will be accepted by the channel (the default is
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>), and whether to include a
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic UpdaterCLASS="command"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater>-generated time stamp, the category name
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand/or severity level (the default is not to include any).</P
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> destination clause
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincauses all messages sent to the channel to be discarded;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinin that case, other options for the channel are meaningless.</P
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> destination clause directs the channel
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto a disk file. It can include limitations
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonboth on how large the file is allowed to become, and how many versions
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof the file will be saved each time the file is opened.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>If you use the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> log file option, then
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews> will retain that many backup versions of the file by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinrenaming them when opening. For example, if you choose to keep 3 old versions
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof the file <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> then just before it is opened
0efe2893b6a53d11b84b6ac0fe4508a0e9d1daddTinderbox UserCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is renamed to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinrenamed to <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinYou can say <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>versions unlimited;</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> to not limit
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe number of versions.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option is associated with the log file,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthen renaming is only done when the file being opened exceeds the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinindicated size. No backup versions are kept by default; any existing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlog file is simply appended.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option for files is used to limit log
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeingrowth. If the file ever exceeds the size, then <B
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updaterstop writing to the file unless it has a <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinassociated with it. If backup versions are kept, the files are rolled as
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox Userdescribed above and a new one begun. If there is no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater> option, no more data will be written to the log
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updateruntil some out-of-band mechanism removes or truncates the log to less than the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmaximum size. The default behavior is not to limit the size of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Example usage of the <B
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>channel "an_example_channel" {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file "example.log" versions 3 size 20m;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein print-time yes;
0284e57b9b9dfaf2517a2cc3282ecf766b8ad075Automatic Updater print-category yes;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> destination clause directs the
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updaterchannel to the system log. Its argument is a
54e57d8ff46096e9c6a9af95f2522b56cb3877b2Automatic Updatersyslog facility as described in the <B
54e57d8ff46096e9c6a9af95f2522b56cb3877b2Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews> will handle messages sent to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthis facility is described in the <B
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpage. If you have a system which uses a very old version of <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinonly uses two arguments to the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>openlog()</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthen this clause is silently ignored.</P
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> clause works like <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein"priorities," except that they can also be used if you are writing
ebabe300b615154d08f5577822cfd8726d2643c8Automatic Updaterstraight to a file rather than using <B
36da16fa31fa2a582afe67010ba449a57177fd2fAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinMessages which are not at least of the severity level given will
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrewsnot be selected for the channel; messages of higher severity levels
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwill be accepted.</P
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>If you are using <B
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>, then the <B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
3a3705ef7747327df182bf8d009333d2472253d5Mark Andrewswill also determine what eventually passes through. For example,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindefining a channel facility and severity as <B
a057e8e33baa5fa369be28a9680585200ce3ff73Mark AndrewsCLASS="command"
a057e8e33baa5fa369be28a9680585200ce3ff73Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinonly logging <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="command"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewscause messages of severity <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic UpdaterCLASS="command"
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic Updaterbe dropped. If the situation were reversed, with <B
6bf6622b7b9053dc52527478473b572f042c4b5bMark AndrewsCLASS="command"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Usermessages of only <B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater> or higher, then <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userprint all messages it received from the channel.</P
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User> destination clause directs the
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userchannel to the server's standard error stream. This is intended for
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsuse when the server is running as a foreground process, for example
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userwhen debugging a configuration.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>The server can supply extensive debugging information when
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userit is in debugging mode. If the server's global debug level is greater
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userthan zero, then debugging mode will be active. The global debug
a404eb87dc8f91fe81bedce8bb3957fc3c7684a5Mark Andrewslevel is set either by starting the <B
89bc48260b64a8859ae717e9e5bae380e275fef4Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="option"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> flag followed by a positive integer,
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updateror by running <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>rndc trace</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe global debug level
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincan be set to zero, and debugging mode turned off, by running <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>. All debugging messages in the server have a debug
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userlevel, and higher debug levels give more detailed output. Channels
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userthat specify a specific debug severity, for example:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews>channel "specific_debug_level" {
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User severity debug 3;
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>will get debugging output of level 3 or less any time the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinserver is in debugging mode, regardless of the global debugging
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlevel. Channels with <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> severity use the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinserver's global level to determine what messages to print.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>print-time</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> has been turned on, then
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe date and time will be logged. <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>print-time</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbe specified for a <B
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="command"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> channel, but is usually
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterpointless since <B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> also prints the date and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>print-category</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is requested, then the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincategory of the message will be logged as well. Finally, if <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>print-severity</B
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Useron, then the severity level of the message will be logged. The <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> options may
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbe used in any combination, and will always be printed in the following
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinorder: time, category, severity. Here is an example where all three <B
cd0df9459e87097d01fc6c0de0a283c7e8d3c401Automatic UpdaterCLASS="command"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="computeroutput"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic Updater>28-Feb-2000 15:05:32.863 general: notice: running</TT
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic Updater>There are four predefined channels that are used for
65ad89971ee9973074cd11c207af92bf5440df01Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>'s default logging as follows. How they are
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrewsused is described in <A
edaa0648858316d9f4ad2a4093f16e05dbf2fe50Tinderbox UserHREF="Bv9ARM.ch06.html#the_category_phrase"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.10.2</A
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox UserCLASS="programlisting"
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox User>channel "default_syslog" {
df6faef67126d1277b0f21defd41c54994bf6fcfMark Andrews syslog daemon; // end to syslog's daemon
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein severity info; // only send priority info
538a83db7509d598da95a93bd7b74ef3112123a4Mark Andrews // and higher
43b94483957d3168796a816ed86cf097518817dcTinderbox Userchannel "default_debug" {
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews // the working directory
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews // Note: stderr is used instead
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews // if the server is started
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews // with the '-f' option.
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic Updater severity dynamic; // log at the server's
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater // current debug level
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userchannel "default_stderr" { // writes to stderr
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User severity info; // only send priority info
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User // and higher
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userchannel "null" {
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User null; // toss anything sent to
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User // this channel
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>default_debug</B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> channel has the special
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userproperty that it only produces output when the server's debug level is
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox Usernonzero. It normally writes to a file <TT
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="filename"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userin the server's working directory.</P
0c487f4b6eade1440ea40f5a5ffc9b5fd4c41ed1Mark Andrews>For security reasons, when the "<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="option"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincommand line option is used, the <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis created only after <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> has changed to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnew UID, and any debug output generated while <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstarting up and still running as root is discarded. If you need
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updaterto capture this output, you must run the server with the "<TT
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updateroption and redirect standard error to a file.</P
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>Once a channel is defined, it cannot be redefined. Thus you
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updatercannot alter the built-in channels directly, but you can modify
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updaterthe default logging by pointing categories at channels you have defined.</P
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterNAME="the_category_phrase"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>6.2.10.2. The <B
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="command"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>There are many categories, so you can send the logs you want
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updaterto see wherever you want, without seeing logs you don't want. If
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updateryou don't specify a list of channels for a category, then log messages
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updaterin that category will be sent to the <B
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="command"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updaterinstead. If you don't specify a default category, the following
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater"default default" is used:</P
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="programlisting"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>category "default" { "default_syslog"; "default_debug"; };
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>As an example, let's say you want to log security events to
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updatera file, but you also want keep the default logging behavior. You'd
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updaterspecify the following:</P
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="programlisting"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>channel "my_security_channel" {
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater file "my_security_file";
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater severity info;
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updatercategory "security" {
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater "my_security_channel";
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater "default_syslog";
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater "default_debug";
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>To discard all messages in a category, specify the <B
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="command"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="programlisting"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>category "xfer-out" { "null"; };
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updatercategory "notify" { "null"; };
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater>Following are the available categories and brief descriptions
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updaterof the types of log information they contain. More
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updatercategories may be added in future <SPAN
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="acronym"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="informaltable"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCELLPADDING="3"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterCLASS="CALSTABLE"
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic UpdaterVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>The default category defines the logging
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoptions for those categories where no specific configuration has been
f8da2eefea1ea17bb233fa8c0c9b18404075dd9cAutomatic UpdaterVALIGN="MIDDLE"
f8da2eefea1ea17bb233fa8c0c9b18404075dd9cAutomatic UpdaterCLASS="command"
b397f922936e9f73aa8c3ea40be3ad74285dacaaTinderbox UserVALIGN="MIDDLE"
b397f922936e9f73aa8c3ea40be3ad74285dacaaTinderbox User>The catch-all. Many things still aren't
b397f922936e9f73aa8c3ea40be3ad74285dacaaTinderbox Userclassified into categories, and they all end up here.</P
b397f922936e9f73aa8c3ea40be3ad74285dacaaTinderbox UserVALIGN="MIDDLE"
b397f922936e9f73aa8c3ea40be3ad74285dacaaTinderbox UserCLASS="command"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsVALIGN="MIDDLE"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews>Messages relating to the databases used
517ae3de96aaf870049c52f1224e38a85fe7f21aAutomatic Updaterinternally by the name server to store zone and cache data.</P
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsVALIGN="MIDDLE"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsCLASS="command"
517ae3de96aaf870049c52f1224e38a85fe7f21aAutomatic UpdaterVALIGN="MIDDLE"
517ae3de96aaf870049c52f1224e38a85fe7f21aAutomatic Updater>Approval and denial of requests.</P
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsVALIGN="MIDDLE"
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic UpdaterCLASS="command"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsVALIGN="MIDDLE"
517ae3de96aaf870049c52f1224e38a85fe7f21aAutomatic Updater>Configuration file parsing and processing.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>DNS resolution, such as the recursive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlookups performed on behalf of clients by a caching name server.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Zone transfers the server is receiving.</P
1224c3b69b3d18f7127aa042644936af25a2d679Mark AndrewsVALIGN="MIDDLE"
1224c3b69b3d18f7127aa042644936af25a2d679Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews>Zone transfers the server is sending.</P
ebabe300b615154d08f5577822cfd8726d2643c8Automatic UpdaterVALIGN="MIDDLE"
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic UpdaterCLASS="command"
54e57d8ff46096e9c6a9af95f2522b56cb3877b2Automatic UpdaterVALIGN="MIDDLE"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>The NOTIFY protocol.</P
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterVALIGN="MIDDLE"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="command"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterVALIGN="MIDDLE"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>Processing of client requests.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>unmatched</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Messages that named was unable to determine the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinclass of or for which there was no matching <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinA one line summary is also logged to the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThis category is best sent to a file or stderr, by default it is sent to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> channel.</P
285254345ce5ab270848f8c11f7be146793f1e00Mark AndrewsVALIGN="MIDDLE"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic Updater>Network operations.</P
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterVALIGN="MIDDLE"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCLASS="command"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterVALIGN="MIDDLE"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic Updater>Dynamic updates.</P
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterVALIGN="MIDDLE"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox User>Queries. Using the category <B
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> will enable query logging.</P
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox UserVALIGN="MIDDLE"
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox UserCLASS="command"
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox UserVALIGN="MIDDLE"
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox User>Dispatching of incoming packets to the
aa444144ad14bdd909fe5b70e1f7730b46ec6072Tinderbox Userserver modules where they are to be processed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic UpdaterCLASS="command"
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic UpdaterVALIGN="MIDDLE"
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater>DNSSEC and TSIG protocol processing.
36da16fa31fa2a582afe67010ba449a57177fd2fAutomatic UpdaterVALIGN="MIDDLE"
36da16fa31fa2a582afe67010ba449a57177fd2fAutomatic UpdaterCLASS="command"
36da16fa31fa2a582afe67010ba449a57177fd2fAutomatic Updater>lame-servers</B
ebabe300b615154d08f5577822cfd8726d2643c8Automatic UpdaterVALIGN="MIDDLE"
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updater>Lame servers. These are misconfigurations
d060d8669f5558690e7faf4a1c12fe5c02a7c60dAutomatic Updaterin remote servers, discovered by BIND 9 when trying to query
e31a258ca6ef845faf483fa8f04921e8841d3213Tinderbox Userthose servers during resolution.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN1841"
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic UpdaterCLASS="command"
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updater> Statement Grammar</A
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updater> This is the grammar of the <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstatement in the <TT
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="filename"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="programlisting"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="command"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="optional"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic Updater> listen-on { <TT
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="replaceable"
65ad89971ee9973074cd11c207af92bf5440df01Automatic UpdaterCLASS="optional"
65ad89971ee9973074cd11c207af92bf5440df01Automatic UpdaterCLASS="replaceable"
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic UpdaterCLASS="optional"
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic UpdaterCLASS="replaceable"
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic UpdaterCLASS="optional"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="replaceable"
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic Updater>] ; ... </SPAN
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic UpdaterCLASS="optional"
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic UpdaterCLASS="replaceable"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="optional"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="replaceable"
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic Updater>domain_name</I
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic UpdaterCLASS="optional"
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic UpdaterCLASS="replaceable"
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic Updater>domain_name</I
b287974d182a164b84eaeaead39fcbe225e2a7f9Automatic UpdaterCLASS="optional"
d893c6248414d34d434a63216eaa5bd1fbec4ca4Automatic UpdaterCLASS="replaceable"
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic UpdaterCLASS="command"
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater> Statement Definition and Usage</A
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic UpdaterCLASS="command"
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater> statement configures the name
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updaterserver to also act as a lightweight resolver server, see
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater>Section 5.2</A
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater>. There may be be multiple
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic UpdaterCLASS="command"
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater> statements configuring
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updaterlightweight resolver servers with different properties.</P
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic UpdaterCLASS="command"
9ca53742af3671da346701a61cac8188eadc4674Tinderbox User> statement specifies a list of
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updateraddresses (and ports) that this instance of a lightweight resolver daemon
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updatershould accept requests on. If no port is specified, port 921 is used.
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserIf this statement is omitted, requests will be accepted on 127.0.0.1,
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="command"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User> statement binds this instance of a
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Userlightweight resolver daemon to a view in the DNS namespace, so that the
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Userresponse will be constructed in the same manner as a normal DNS query
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Usermatching this view. If this statement is omitted, the default view is
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Userused, and if there is no default view, an error is triggered.</P
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="command"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User> statement is equivalent to the
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="command"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User> statement in
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="filename"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User>. It provides a list of domains
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Userwhich are appended to relative names in queries.</P
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="command"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User> statement is equivalent to the
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="command"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User> statement in
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="filename"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User>. It indicates the minimum
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox Usernumber of dots in a relative domain name that should result in an
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox Userexact match lookup before search path elements are appended.</P
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserNAME="AEN1884"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="command"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User> Statement Grammar</A
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User>This is the grammar of the <B
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="command"
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox Userstatement in the <TT
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="optional"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="replaceable"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User>version_string</I
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="optional"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User> hostname <TT
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="replaceable"
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater>hostname_string</I
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic UpdaterCLASS="optional"
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater> directory <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</I
71c66a876ecca77923638d3f94cc0783152b2f03Mark AndrewsCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> named-xfer <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> tkey-domain <TT
71eeac3530eabb7f70f4b6bdba5addb40a5bca27Mark AndrewsCLASS="replaceable"
71eeac3530eabb7f70f4b6bdba5addb40a5bca27Mark AndrewsCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> tkey-dhkey <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> dump-file <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> memstatistics-file <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> pid-file <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statistics-file <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> zone-statistics <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> auth-nxdomain <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> deallocate-on-exit <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>dialup_option</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> fake-iquery <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> fetch-glue <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> has-old-clients <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> host-statistics <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> minimal-responses <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> multiple-cnames <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> recursion <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> rfc2308-type1 <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> use-id-pool <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> maintain-ixfr-base <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> forward ( <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> forwarders { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
71c66a876ecca77923638d3f94cc0783152b2f03Mark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>] ; ... </SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> check-names ( <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> response</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
71c66a876ecca77923638d3f94cc0783152b2f03Mark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-notify { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-query { <TT
71c66a876ecca77923638d3f94cc0783152b2f03Mark AndrewsCLASS="replaceable"
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-transfer { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-recursion { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-v6-synthesis { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> blackhole { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
7526edc7677371c366232de5f39a678b7dcda747Mark Andrews>address_match_list</I
7526edc7677371c366232de5f39a678b7dcda747Mark AndrewsCLASS="optional"
7526edc7677371c366232de5f39a678b7dcda747Mark Andrews> listen-on [<SPAN
7526edc7677371c366232de5f39a678b7dcda747Mark AndrewsCLASS="optional"
7526edc7677371c366232de5f39a678b7dcda747Mark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> listen-on-v6 [<SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
53f41dd99da107af4e4e1e673d9c19a185463b24Tinderbox UserCLASS="replaceable"
53f41dd99da107af4e4e1e673d9c19a185463b24Tinderbox User>address_match_list</I
53f41dd99da107af4e4e1e673d9c19a185463b24Tinderbox UserCLASS="optional"
53f41dd99da107af4e4e1e673d9c19a185463b24Tinderbox User> query-source [<SPAN
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="optional"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User> address ( <TT
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
71c66a876ecca77923638d3f94cc0783152b2f03Mark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> max-transfer-time-in <TT
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> max-transfer-time-out <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> max-transfer-idle-in <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews> max-transfer-idle-out <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> tcp-clients <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> recursive-clients <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> serial-query-rate <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> serial-queries <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> transfer-format <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>( one-answer | many-answers )</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> transfers-in <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> transfers-out <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> transfers-per-ns <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> transfer-source (<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
04ecc85ca69027c4d56b4a11ce5bafb21ebf3966Automatic UpdaterCLASS="replaceable"
04ecc85ca69027c4d56b4a11ce5bafb21ebf3966Automatic UpdaterCLASS="optional"
04ecc85ca69027c4d56b4a11ce5bafb21ebf3966Automatic Updater> transfer-source-v6 (<TT
04ecc85ca69027c4d56b4a11ce5bafb21ebf3966Automatic UpdaterCLASS="replaceable"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="constant"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="optional"
cd0df9459e87097d01fc6c0de0a283c7e8d3c401Automatic UpdaterCLASS="replaceable"
996dbb19570bb25601a3611db5d59ccda0a064c5Automatic UpdaterCLASS="optional"
996dbb19570bb25601a3611db5d59ccda0a064c5Automatic Updater> notify-source (<TT
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="replaceable"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="constant"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="optional"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="replaceable"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="optional"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic Updater> notify-source-v6 (<TT
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="replaceable"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="constant"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="optional"
e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011ccAutomatic UpdaterCLASS="replaceable"
4cfb5ea3a5dd28477df37004d6345992d5f41a3fTinderbox UserCLASS="optional"
2cc7515f8a0c2f5f86ec85a853c7cb855b3d9536Tinderbox User> also-notify { <TT
4cfb5ea3a5dd28477df37004d6345992d5f41a3fTinderbox UserCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
2a1d6afad5c725cbc796c10f1d2b9041eda9f077Automatic UpdaterCLASS="replaceable"
2a1d6afad5c725cbc796c10f1d2b9041eda9f077Automatic UpdaterCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>] ; ... </SPAN
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic UpdaterCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> max-ixfr-log-size <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>size_spec</I
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic UpdaterCLASS="optional"
f051d76c87e055c6ea3879e0c97a76609df915ccMark AndrewsCLASS="replaceable"
f051d76c87e055c6ea3879e0c97a76609df915ccMark Andrews>size_spec</I
ebabe300b615154d08f5577822cfd8726d2643c8Automatic UpdaterCLASS="optional"
ebabe300b615154d08f5577822cfd8726d2643c8Automatic UpdaterCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews> stacksize <TT
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="replaceable"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews>size_spec</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> cleaning-interval <TT
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic UpdaterCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> heartbeat-interval <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> interface-interval <TT
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
f02216f5b390ff0a589fa080f29350fd7794bf5cMark Andrews> statistics-interval <TT
72628d3a5ef809d995c759130a81a1b1ae1395e0Automatic UpdaterCLASS="replaceable"
e2e4d321999340802f77adaacd19c797d04b4b95Automatic UpdaterCLASS="optional"
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater> topology { <TT
e2e4d321999340802f77adaacd19c797d04b4b95Automatic UpdaterCLASS="replaceable"
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater>address_match_list</I
3a3705ef7747327df182bf8d009333d2472253d5Mark AndrewsCLASS="optional"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> sortlist { <TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="replaceable"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> rrset-order { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>order_spec</I
a057e8e33baa5fa369be28a9680585200ce3ff73Mark AndrewsCLASS="optional"
7be2f6d5df28b207e3e385c555eb4f740150528dTinderbox UserCLASS="replaceable"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>order_spec</I
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> ; ... </SPAN
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="optional"
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews> lame-ttl <TT
dc91524e4b73ee70908a295e3f2f62305680c5c2Automatic UpdaterCLASS="replaceable"
299e3f18eb4f9297e6f06ca373806b07bec13a02Tinderbox UserCLASS="optional"
299e3f18eb4f9297e6f06ca373806b07bec13a02Tinderbox User> max-ncache-ttl <TT
7be2f6d5df28b207e3e385c555eb4f740150528dTinderbox UserCLASS="replaceable"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="optional"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews> max-cache-ttl <TT
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="replaceable"
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="optional"
a057e8e33baa5fa369be28a9680585200ce3ff73Mark Andrews> sig-validity-interval <TT
a057e8e33baa5fa369be28a9680585200ce3ff73Mark AndrewsCLASS="replaceable"
299e3f18eb4f9297e6f06ca373806b07bec13a02Tinderbox UserCLASS="optional"
7be2f6d5df28b207e3e385c555eb4f740150528dTinderbox User> min-roots <TT
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="replaceable"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="optional"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews> use-ixfr <TT
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="replaceable"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews>yes_or_no</I
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="optional"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater> provide-ixfr <TT
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="replaceable"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="optional"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater> request-ixfr <TT
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="replaceable"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="optional"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater> treat-cr-as-space <TT
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="replaceable"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="optional"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater> min-refresh-time <TT
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="replaceable"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="optional"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater> max-refresh-time <TT
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="replaceable"
db6353c9b89628e16f6e729ce57baabad3460c49Automatic UpdaterCLASS="optional"
db6353c9b89628e16f6e729ce57baabad3460c49Automatic Updater> min-retry-time <TT
db6353c9b89628e16f6e729ce57baabad3460c49Automatic UpdaterCLASS="replaceable"
db6353c9b89628e16f6e729ce57baabad3460c49Automatic UpdaterCLASS="optional"
db6353c9b89628e16f6e729ce57baabad3460c49Automatic Updater> max-retry-time <TT
db6353c9b89628e16f6e729ce57baabad3460c49Automatic UpdaterCLASS="replaceable"
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic UpdaterCLASS="optional"
7a0d680aa507f1b9beaa5c350e4d562aab534323Automatic UpdaterCLASS="replaceable"
7a0d680aa507f1b9beaa5c350e4d562aab534323Automatic UpdaterCLASS="optional"
7a0d680aa507f1b9beaa5c350e4d562aab534323Automatic Updater> additional-from-auth <TT
7a0d680aa507f1b9beaa5c350e4d562aab534323Automatic UpdaterCLASS="replaceable"
7a0d680aa507f1b9beaa5c350e4d562aab534323Automatic UpdaterCLASS="optional"
7a0d680aa507f1b9beaa5c350e4d562aab534323Automatic Updater> additional-from-cache <TT
7a0d680aa507f1b9beaa5c350e4d562aab534323Automatic UpdaterCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> random-device <TT
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>path_name</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> max-adb-size <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>size_spec</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews> max-cache-size <TT
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>size_spec</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> match-mapped-addresses <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN2106"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Statement Definition and Usage</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement sets up global options
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto be used by <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews>. This statement may appear only
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrewsonce in a configuration file. If more than one occurrence is found,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe first occurrence determines the actual options used, and a warning
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwill be generated. If there is no <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstatement, an options block with each option set to its default will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="variablelist"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The version the server should report
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinvia a query of the name <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe default is the real version number of this server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinSpecifying <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>version none;</B
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrewsdisables processing of the queries.</P
035992291cb70ec3be4046fcea921b4a6acb1c77Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The hostname the server should report via a query of
035992291cb70ec3be4046fcea921b4a6acb1c77Mark AndrewsCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
035992291cb70ec3be4046fcea921b4a6acb1c77Mark AndrewsCLASS="command"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsThis defaults to the hostname of the machine hosting the nameserver as
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewsfound by gethostname(). The primary purpose of such queries is to
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewsidentify which of a group of anycast servers is actually
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewsanswering your queries. Specifying <B
21e01d1a464c9b3c694534a5e283bcde361e72bdTinderbox UserCLASS="command"
21e01d1a464c9b3c694534a5e283bcde361e72bdTinderbox User>hostname none;</B
21e01d1a464c9b3c694534a5e283bcde361e72bdTinderbox Userdisables processing of the queries.</P
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="command"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews>directory</B
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews>The working directory of the server.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsAny non-absolute pathnames in the configuration file will be taken
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewsas relative to this directory. The default location for most server
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="filename"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews>) is this directory.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsIf a directory is not specified, the working directory defaults
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="filename"
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews>', the directory from which the server
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewswas started. The directory specified should be an absolute path.</P
bddb70a27123e31020438cff811d898d44b42c71Mark AndrewsCLASS="command"
bddb70a27123e31020438cff811d898d44b42c71Mark Andrews>named-xfer</B
bddb70a27123e31020438cff811d898d44b42c71Mark AndrewsCLASS="emphasis"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews>This option is obsolete.</I
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsIt was used in <SPAN
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="acronym"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrewsspecify the pathname to the <B
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>named-xfer</B
bddb70a27123e31020438cff811d898d44b42c71Mark AndrewsCLASS="acronym"
bddb70a27123e31020438cff811d898d44b42c71Mark Andrews> 9, no separate <B
bddb70a27123e31020438cff811d898d44b42c71Mark AndrewsCLASS="command"
bddb70a27123e31020438cff811d898d44b42c71Mark Andrews>named-xfer</B
bddb70a27123e31020438cff811d898d44b42c71Mark Andrewsneeded; its functionality is built into the name server.</P
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="command"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews>tkey-domain</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The domain appended to the names of all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinshared keys generated with <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. When a client
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinrequests a <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> exchange, it may or may not specify
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe desired name for the key. If present, the name of the shared
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinkey will be "<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>client specified part</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>tkey-domain</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinOtherwise, the name of the shared key will be "<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>tkey-domain</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>". In most cases,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>domainname</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> should be the server's domain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>tkey-dhkey</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The Diffie-Hellman key used by the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto generate shared keys with clients using the Diffie-Hellman mode
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. The server must be able to load the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpublic and private keys from files in the working directory. In
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmost cases, the keyname should be the server's host name.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>dump-file</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The pathname of the file the server dumps
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe database to when instructed to do so with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>rndc dumpdb</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIf not specified, the default is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
07ee99c7d0c2cd7f3e72263c29bd76ebd6d7ed43Automatic UpdaterCLASS="command"
07ee99c7d0c2cd7f3e72263c29bd76ebd6d7ed43Automatic Updater>memstatistics-file</B
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User>The pathname of the file the server writes memory
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Userusage statistics to on exit. If not specified,
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Userthe default is <TT
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="filename"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User>Not yet implemented in <SPAN
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="acronym"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="command"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User>The pathname of the file the server writes its process ID
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Userin. If not specified, the default is <TT
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="filename"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserThe pid-file is used by programs that want to send signals to the running
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Usernameserver. Specifying <B
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="command"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User>pid-file none;</B
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User> disables the
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Useruse of a PID file — no file will be written and any
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Userexisting one will be removed. Note that <B
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="command"
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Useris a keyword, not a file name, and therefore is not enclosed in
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox Userdouble quotes.</P
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserCLASS="command"
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic Updater>statistics-file</B
e7ac7921af0a875c17af3e8cb8cca46d1776ffe7Tinderbox User>The pathname of the file the server appends statistics
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic Updaterto when instructed to do so using <B
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIf not specified, the default is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinserver's current directory. The format of the file is described
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#statsfile"
0efe2893b6a53d11b84b6ac0fe4508a0e9d1daddTinderbox User>Section 6.2.14.15</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> The UDP/TCP port number the server uses for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinreceiving and sending DNS protocol traffic.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is 53. This option is mainly intended for server testing;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina server using a port other than 53 will not be able to communicate with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe global DNS.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option should be placed at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe beginning of the options block, before
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinany other options that take port numbers or IP addresses,
24e79a68e1b16324e17364fcd8959379ff6e20e9Mark Andrewsto ensure that the port value takes effect for all addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinused by the server.</P
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox UserCLASS="command"
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User>random-device</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> The source of entropy to be used by the server. Entropy is primarily needed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfor DNSSEC operations, such as TKEY transactions and dynamic update of signed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzones. This options specifies the device (or file) from which to read
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinentropy. If this is a file, operations requiring entropy will fail when the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfile has been exhausted. If not specified, the default value is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein(or equivalent) when present, and none otherwise. The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>random-device</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option takes effect during
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe initial configuration load at server startup time and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis ignored on subsequent reloads.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="boolean_options"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2.14.1. Boolean Options</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="variablelist"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>auth-nxdomain</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
89bc48260b64a8859ae717e9e5bae380e275fef4Mark Andrews>, then the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis always set on NXDOMAIN responses, even if the server is not actually
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinauthoritative. The default is <TT
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina change from <SPAN
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="acronym"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater> 8. If you are using very old DNS software, you
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updatermay need to set it to <TT
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="userinput"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>deallocate-on-exit</B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater>This option was used in <SPAN
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="acronym"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater> 8 to enable checking
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterfor memory leaks on exit. <SPAN
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="acronym"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater> 9 ignores the option and always performs
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="userinput"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterserver treats all zones as if they are doing zone transfers across
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updatera dial on demand dialup link, which can be brought up by traffic
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updateroriginating from this server. This has different effects according
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterto zone type and concentrates the zone maintenance so that it all
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterhappens in a short interval, once every <B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater>heartbeat-interval</B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterhopefully during the one call. It also suppresses some of the normal
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterzone maintenance traffic. The default is <TT
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="userinput"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updatermay also be specified in the <B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterin which case it overrides the global <B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater>If the zone is a master zone then the server will send out a NOTIFY
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterrequest to all the slaves. This will trigger the zone serial number check
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterin the slave (providing it supports NOTIFY) allowing the slave to
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterverify the zone while the connection is active.</P
89bc48260b64a8859ae717e9e5bae380e275fef4Mark Andrewszone is a slave or stub zone, then the server will suppress the regular
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater"zone up to date" (refresh) queries and only perform them when the
89bc48260b64a8859ae717e9e5bae380e275fef4Mark AndrewsCLASS="command"
89bc48260b64a8859ae717e9e5bae380e275fef4Mark Andrews>heartbeat-interval</B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater> expires in addition to sending
89bc48260b64a8859ae717e9e5bae380e275fef4Mark AndrewsNOTIFY requests.</P
89bc48260b64a8859ae717e9e5bae380e275fef4Mark Andrews>Finer control can be achieved by using
89bc48260b64a8859ae717e9e5bae380e275fef4Mark AndrewsCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> which only sends NOTIFY messages,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>notify-passive</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> which sends NOTIFY messages and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsuppresses the normal refresh queries, <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrewswhich suppresses normal refresh processing and send refresh queries
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>heartbeat-interval</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> expires and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> which just disables normal refresh
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinprocessing.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>fake-iquery</B
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic UpdaterCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 8, this option was used to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinenable simulating the obsolete DNS query type
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIQUERY. <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater> 9 never does IQUERY simulation.
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic UpdaterCLASS="command"
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater>This option is obsolete.
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic UpdaterCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>fetch-glue yes</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincaused the server to attempt to fetch glue resource records it
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindidn't have when constructing the additional
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindata section of a response. This is now considered a bad idea
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand BIND 9 never does it.</P
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>has-old-clients</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This option was incorrectly implemented
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 8, and is ignored by <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTo achieve the intended effect
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>has-old-clients</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe two separate options <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>auth-nxdomain</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic UpdaterCLASS="command"
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic Updater>rfc2308-type1</B
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic UpdaterCLASS="userinput"
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic UpdaterCLASS="command"
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic Updater>host-statistics</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>In BIND 8, this enables keeping of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstatistics for every host that the nameserver interacts with.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNot implemented in BIND 9.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>maintain-ixfr-base</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="emphasis"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>This option is obsolete</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It was used in <SPAN
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="acronym"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> 8 to determine whether a transaction log was
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewskept for Incremental Zone Transfer. <SPAN
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="acronym"
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews> 9 maintains a transaction
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrewslog whenever possible. If you need to disable outgoing incremental zone
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrewstransfers, use <B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>provide-ixfr</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>minimal-responses</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, then when generating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinresponses the server will only add records to the authority and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinadditional data sections when they are required (e.g. delegations,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnegative responses). This may improve the performance of the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe default is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews>multiple-cnames</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This option was used in <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina domain name to allow multiple CNAME records in violation of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinDNS standards. <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9.2 always strictly
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinenforces the CNAME rules both in master files and dynamic updates.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="userinput"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews> (the default),
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsDNS NOTIFY messages are sent when a zone the server is authoritative for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinchanges, see <A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 3.3</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. The messages are sent to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinservers listed in the zone's NS records (except the master server identified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinin the SOA MNAME field), and to any servers listed in the
00124ad0406365d39f4b2d1011ef6a76706e9df0Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>also-notify</B
00124ad0406365d39f4b2d1011ef6a76706e9df0Mark AndrewsCLASS="userinput"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>, notifies are sent only to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsservers explicitly listed using <B
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic UpdaterCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>also-notify</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, no notifies are sent.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option may also be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinspecified in the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinin which case it overrides the <B
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="command"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews>options notify</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIt would only be necessary to turn off this option if it caused slaves
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>recursion</B
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="userinput"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsDNS query requests recursion, then the server will attempt to do
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrewsall the work required to answer the query. If recursion is off
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrewsand the server does not already know the answer, it will return a
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrewsreferral response. The default is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNote that setting <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>recursion no;</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> does not prevent
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox Userclients from getting data from the server's cache; it only
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterprevents new data from being cached as an effect of client queries.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCaching may still occur as an effect the server's internal
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updateroperation, such as NOTIFY address lookups.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="command"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater>rfc2308-type1</B
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater>Setting this to <TT
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="userinput"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updatercause the server to send NS records along with the SOA record for negative
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updateranswers. The default is <TT
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="userinput"
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater>Not yet implemented in <SPAN
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic UpdaterCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></BLOCKQUOTE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>use-id-pool</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This option is obsolete</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 always allocates query IDs from a pool.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>zone-statistics</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, the server will, by default, collect
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstatistical data on all zones in the server. These statistics may be accessed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>rndc stats</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, which will dump them to the file listed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>statistics-file</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. See also <A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#statsfile"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.14.15</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This option is obsolete</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIf you need to disable IXFR to a particular server or servers see
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe information on the <B
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>provide-ixfr</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.16</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch04.html#incremental_zone_transfers"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 4.2</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>provide-ixfr</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> See the description of
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="command"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>provide-ixfr</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.16</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>request-ixfr</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> See the description of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>request-ixfr</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.16</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updater>treat-cr-as-space</B
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updater>This option was used in <SPAN
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic UpdaterCLASS="acronym"
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updaterthe server treat carriage return ("<B
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic UpdaterCLASS="command"
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updater>") characters the same way
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updateras a space or tab character,
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updaterto facilitate loading of zone files on a UNIX system that were generated
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic Updateron an NT or DOS machine. In <SPAN
4a71c59d2bf32585c5dd18f4630d5f10e56a1ab3Automatic UpdaterCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9, both UNIX "<B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="command"
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User>" newlines are always accepted,
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox Userand the option is ignored.</P
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="command"
8b1cba45ade83893c009b37f47d5478e97eb61d2Automatic Updater>additional-from-auth</B
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>additional-from-cache</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> These options control the behavior of an authoritative server when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinanswering queries which have additional data, or when following CNAME
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand DNAME chains.
85d259b3cf22bdbf7c1c1dadd95dfea4d5a84375Tinderbox User> When both of these options are set to <TT
85d259b3cf22bdbf7c1c1dadd95dfea4d5a84375Tinderbox UserCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein(the default) and a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinquery is being answered from authoritative data (a zone
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox Userconfigured into the server), the additional data section of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinreply will be filled in using data from other authoritative zones
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand from the cache. In some situations this is undesirable, such
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinas when there is concern over the correctness of the cache, or
2a9a5e1871710510cdbba67c13ce21e75296b451Automatic Updaterin servers where slave zones may be added and modified by
2a9a5e1871710510cdbba67c13ce21e75296b451Automatic Updateruntrusted third parties. Also, avoiding
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe search for this additional data will speed up server operations
2a9a5e1871710510cdbba67c13ce21e75296b451Automatic Updaterat the possible expense of additional queries to resolve what would
2a9a5e1871710510cdbba67c13ce21e75296b451Automatic Updaterotherwise be provided in the additional section.
2a9a5e1871710510cdbba67c13ce21e75296b451Automatic Updater> For example, if a query asks for an MX record for host <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand the record found is "<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>", normally the address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinrecords (A, A6, and AAAA) for <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> will be provided as well,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinif known. Setting these options to <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> disables this behavior.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> These options are intended for use in authoritative-only
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinservers, or in authoritative-only views. Attempts to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> without also specifying
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>recursion no;</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> will cause the server to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinignore the options and log a warning message.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Specifying <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>additional-from-cache no</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindisables the use of the cache not only for additional data lookups
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbut also when looking up the answer. This is usually the desired
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbehavior in an authoritative-only server where the correctness of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe cached data is an issue.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> When a name server is non-recursively queried for a name that is not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbelow the apex of any served zone, it normally answers with an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein"upwards referral" to the root servers or the servers of some other
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinknown parent of the query name. Since the data in an upwards referral
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincomes from the cache, the server will not be able to provide upwards
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinreferrals when <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>additional-from-cache no</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinhas been specified. Instead, it will respond to such queries
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwith REFUSED. This should not cause any problems since
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinupwards referrals are not required for the resolution process.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>match-mapped-addresses</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIPv4-mapped IPv6 address will match any address match
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist entries that match the corresponding IPv4 address.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinEnabling this option is sometimes useful on IPv6-enabled Linux
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsystems, to work around a kernel quirk that causes IPv4
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTCP connections such as zone transfers to be accepted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinon an IPv6 socket using mapped addresses, causing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinaddress match lists designed for IPv4 to fail to match.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe use of this option for any other purpose is discouraged.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>ixfr-from-differences</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> When 'yes' and the server loads a new version of a master
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrewszone from its zone file or receives a new version of a slave
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfile by a non-incremental zone transfer, it will compare
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe new version to the previous one and calculate a set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof differences. The differences are then logged in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone's journal file such that the changes can be transmitted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto downstream slaves as an incremental zone transfer.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> By allowing incremental zone transfers to be used for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnon-dynamic zones, this option saves bandwidth at the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinexpense of increased CPU and memory consumption at the master.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIn particular, if the new version of a zone is completely
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindifferent from the previous one, the set of differences
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwill be of a size comparable to the combined size of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinold and new zone version, and the server will need to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeintemporarily allocate memory to hold this complete
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindifference set.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN2426"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2.14.2. Forwarding</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The forwarding facility can be used to create a large site-wide
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincache on a few servers, reducing traffic over links to external
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnameservers. It can also be used to allow queries by servers that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindo not have direct access to the Internet, but wish to look up exterior
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnames anyway. Forwarding occurs only on those queries for which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe server is not authoritative and does not have the answer in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinits cache.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="variablelist"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This option is only meaningful if the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinforwarders list is not empty. A value of <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe default, causes the server to query the forwarders first, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinif that doesn't answer the question the server will then look for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe answer itself. If <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is specified, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinserver will only query the forwarders.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>forwarders</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Specifies the IP addresses to be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfor forwarding. The default is the empty list (no forwarding).
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafsson>Forwarding can also be configured on a per-domain basis, allowing
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updaterfor the global forwarding options to be overridden in a variety
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updaterof ways. You can set particular domains to use different forwarders,
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updateror have a different <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updateror not forward at all, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_statement_grammar"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater>Section 6.2.21</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="access_control"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2.14.3. Access Control</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Access to the server can be restricted based on the IP address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof the requesting system. See <A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#address_match_lists"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.1.1</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindetails on how to specify IP address lists.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="variablelist"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-notify</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Specifies which hosts are allowed to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnotify slaves of a zone change in addition to the zone masters.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-notify</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> may also be specified in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement, in which case it overrides the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>options allow-notify</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement. It is only meaningful
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsfor a slave zone. If not specified, the default is to process notify messages
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinonly from a zone's master.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-query</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Specifies which hosts are allowed to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinask ordinary questions. <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-query</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbe specified in the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement, in which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincase it overrides the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>options allow-query</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement. If
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnot specified, the default is to allow queries from all hosts.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-recursion</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Specifies which hosts are allowed to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmake recursive queries through this server. If not specified, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindefault is to allow recursive queries from all hosts.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNote that disallowing recursive queries for a host does not prevent the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinhost from retrieving data that is already in the server's cache.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-v6-synthesis</B
9ef82979c49da3dd3647273b1cd6ed7d3352c003Automatic Updater>Specifies which hosts are to receive
767c53c304b86460d72eeec7d3304172cdd904bdEvan Huntsynthetic responses to IPv6 queries as described in
9ef82979c49da3dd3647273b1cd6ed7d3352c003Automatic Updater>Section 6.2.14.13</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-transfer</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereceive zone transfers from the server. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinalso be specified in the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement, in which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincase it overrides the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>options allow-transfer</B
c92c50783e4e93699f2a42643b8f200b9b719c87Automatic UpdaterIf not specified, the default is to allow transfers from all hosts.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>blackhole</B
9ef82979c49da3dd3647273b1cd6ed7d3352c003Automatic Updater>Specifies a list of addresses that the
9ef82979c49da3dd3647273b1cd6ed7d3352c003Automatic Updaterserver will not accept queries from or use to resolve a query. Queries
9ef82979c49da3dd3647273b1cd6ed7d3352c003Automatic Updaterfrom these addresses will not be responded to. The default is <TT
9ef82979c49da3dd3647273b1cd6ed7d3352c003Automatic UpdaterCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsNAME="AEN2491"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews>6.2.14.4. Interfaces</A
49853562e29e3813e49c251cde132d7be6a6475eAutomatic Updater>The interfaces and ports that the server will answer queries
49853562e29e3813e49c251cde132d7be6a6475eAutomatic Updaterfrom may be specified using the <B
49853562e29e3813e49c251cde132d7be6a6475eAutomatic UpdaterCLASS="command"
49853562e29e3813e49c251cde132d7be6a6475eAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinan optional port, and an <TT
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe server will listen on all interfaces allowed by the address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmatch list. If a port is not specified, port 53 will be used.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>listen-on</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statements are allowed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinFor example,</P
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark AndrewsCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>listen-on { 5.6.7.8; };
cd3ee12f1d34107678bde7be68b1d7f0f45cf2c9Automatic Updater>will enable the nameserver on port 53 for the IP address
cd3ee12f1d34107678bde7be68b1d7f0f45cf2c9Automatic Updater5.6.7.8, and on port 1234 of an address on the machine in net
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein1.2 that is not 1.2.3.4.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>listen-on</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is specified, the
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrewsserver will listen on port 53 on all interfaces.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>listen-on-v6</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option is used to
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrewsspecify the ports on which the server will listen for incoming
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinqueries sent using IPv6.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The server does not bind a separate socket to each IPv6
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeininterface address as it does for IPv4. Instead, it always
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterlistens on the IPv6 wildcard address. Therefore, the only
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updatervalues allowed for the <TT
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="varname"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater>address_match_list</TT
d3907d27cc138f45772d3d63082ae02c7659148aAutomatic Updaterargument to the <B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
9fbbfb5757a1e3e86d7dea62c4e63ffc2303ca2bAutomatic Updater>listen-on-v6</B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> statement are
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="programlisting"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="programlisting"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater>listen-on-v6</B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> options can be
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterused to listen on multiple ports:</P
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="programlisting"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater>listen-on-v6 port 53 { any; };
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterlisten-on-v6 port 1234 { any; };
2914684df93e6c3aa4d402b5a14fbe6137f538aeAutomatic Updater>To make the server not listen on any IPv6 address, use</P
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="programlisting"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater>listen-on-v6 { none; };
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater>listen-on-v6</B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> statement is specified,
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterthe server will not listen on any IPv6 address.</P
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater>6.2.14.5. Query Address</A
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater>If the server doesn't know the answer to a question, it will
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterquery other nameservers. <B
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic UpdaterCLASS="command"
74ae031d9d7780015c11242b71cecca905ada695Tinderbox User>query-source</B
74ae031d9d7780015c11242b71cecca905ada695Tinderbox Userthe address and port used for such queries. For queries sent over
74ae031d9d7780015c11242b71cecca905ada695Tinderbox UserIPv6, there is a separate <B
74ae031d9d7780015c11242b71cecca905ada695Tinderbox UserCLASS="command"
74ae031d9d7780015c11242b71cecca905ada695Tinderbox User>query-source-v6</B
74ae031d9d7780015c11242b71cecca905ada695Tinderbox UserCLASS="command"
74ae031d9d7780015c11242b71cecca905ada695Tinderbox UserCLASS="command"
74ae031d9d7780015c11242b71cecca905ada695Tinderbox User> or is omitted,
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updatera wildcard IP address (<B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>INADDR_ANY</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>) will be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> or is omitted,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina random unprivileged port will be used. The defaults are</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>query-source address * port *;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinquery-source-v6 address * port *
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The address specified in the <B
fde6bfde6ec1d7a5f9907aeea8618db9dbd02f4cAutomatic UpdaterCLASS="command"
fde6bfde6ec1d7a5f9907aeea8618db9dbd02f4cAutomatic Updater>query-source</B
fde6bfde6ec1d7a5f9907aeea8618db9dbd02f4cAutomatic Updateris used for both UDP and TCP queries, but the port applies only to
fde6bfde6ec1d7a5f9907aeea8618db9dbd02f4cAutomatic UpdaterUDP queries. TCP queries always use a random
fde6bfde6ec1d7a5f9907aeea8618db9dbd02f4cAutomatic Updaterunprivileged port.</P
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserNAME="zone_transfers"
87ff79ee66e85519d7f75195a5345e5f5e09c895Automatic Updater>6.2.14.6. Zone Transfers</A
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="acronym"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User> has mechanisms in place to facilitate zone transfers
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userand set limits on the amount of load that transfers place on the
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Usersystem. The following options apply to zone transfers.</P
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="variablelist"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>also-notify</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>Defines a global list of IP addresses of name servers
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userthat are also sent NOTIFY messages whenever a fresh copy of the
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userzone is loaded, in addition to the servers listed in the zone's NS records.
04bbadfbcb8a755cb208c4034073a3c0eb96b9aaTinderbox UserThis helps to ensure that copies of the zones will
04bbadfbcb8a755cb208c4034073a3c0eb96b9aaTinderbox Userquickly converge on stealth servers. If an <B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>also-notify</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Useris given in a <B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User> statement, it will override
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic UpdaterCLASS="command"
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater>options also-notify</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User> statement. When a <B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>zone notify</B
04bbadfbcb8a755cb208c4034073a3c0eb96b9aaTinderbox UserCLASS="command"
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater>, the IP addresses in the global <B
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="command"
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater>also-notify</B
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updaternot be sent NOTIFY messages for that zone. The default is the empty
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updaterlist (no global notification list).</P
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>max-transfer-time-in</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>Inbound zone transfers running longer than
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userthis many minutes will be terminated. The default is 120 minutes
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic UpdaterCLASS="command"
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews>max-transfer-idle-in</B
f7b2875691497b292eacb60609be23a813d14e63Automatic Updater>Inbound zone transfers making no progress
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updaterin this many minutes will be terminated. The default is 60 minutes
be75fd4f49dc3e96e43fdcd6bacf8d3b8749a0e0Automatic UpdaterCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>max-transfer-time-out</B
be75fd4f49dc3e96e43fdcd6bacf8d3b8749a0e0Automatic Updater>Outbound zone transfers running longer than
be75fd4f49dc3e96e43fdcd6bacf8d3b8749a0e0Automatic Updaterthis many minutes will be terminated. The default is 120 minutes
be75fd4f49dc3e96e43fdcd6bacf8d3b8749a0e0Automatic UpdaterCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>max-transfer-idle-out</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>Outbound zone transfers making no progress
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsin this many minutes will be terminated. The default is 60 minutes (1
dba3c818ae00b10388d31703e86a28415db398acTinderbox UserCLASS="command"
dba3c818ae00b10388d31703e86a28415db398acTinderbox User>serial-query-rate</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>Slave servers will periodically query master servers
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrewsto find out if zone serial numbers have changed. Each such query uses
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsa minute amount of the slave server's network bandwidth. To limit the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsamount of bandwith used, BIND 9 limits the rate at which queries are
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewssent. The value of the <B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
be75fd4f49dc3e96e43fdcd6bacf8d3b8749a0e0Automatic Updater>serial-query-rate</B
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrewsan integer, is the maximum number of queries sent per second.
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic UpdaterThe default is 20.
2914684df93e6c3aa4d402b5a14fbe6137f538aeAutomatic UpdaterCLASS="command"
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrews>serial-queries</B
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrews>In BIND 8, the <B
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark AndrewsCLASS="command"
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrews>serial-queries</B
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updaterset the maximum number of concurrent serial number queries
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrewsallowed to be outstanding at any given time.
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark AndrewsBIND 9 does not limit the number of outstanding
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrewsserial queries and ignores the <B
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark AndrewsCLASS="command"
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrews>serial-queries</B
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark AndrewsInstead, it limits the rate at which the queries are sent
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrewsas defined using the <B
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark AndrewsCLASS="command"
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrews>serial-query-rate</B
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark AndrewsCLASS="command"
68abac6cb23aa2c6489ccc16663e051d7aad3ad9Mark Andrews>transfer-format</B
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews> Zone transfers can be sent using two different formats,
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic UpdaterCLASS="command"
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic UpdaterCLASS="command"
6100dfd774ab9b4040b6f348ef1de01bc902ae07Automatic Updater>many-answers</B
edaa0648858316d9f4ad2a4093f16e05dbf2fe50Tinderbox UserCLASS="command"
edaa0648858316d9f4ad2a4093f16e05dbf2fe50Tinderbox User>transfer-format</B
edaa0648858316d9f4ad2a4093f16e05dbf2fe50Tinderbox User> option is used
edaa0648858316d9f4ad2a4093f16e05dbf2fe50Tinderbox Useron the master server to determine which format it sends.
edaa0648858316d9f4ad2a4093f16e05dbf2fe50Tinderbox UserCLASS="command"
a1e81a1c5b029e4a44546de128f173524e8947a8Tinderbox User>one-answer</B
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User> uses one DNS message per
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox Userresource record transferred.
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox UserCLASS="command"
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User>many-answers</B
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User> packs as many resource records as
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox Userpossible into a message. <B
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox UserCLASS="command"
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User>many-answers</B
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox Userefficient, but is only supported by relatively new slave servers,
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox UserCLASS="acronym"
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox UserCLASS="acronym"
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox Userversions of <SPAN
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox UserCLASS="acronym"
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User> 4.9.5. The default is
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox UserCLASS="command"
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User>many-answers</B
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox UserCLASS="command"
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User>transfer-format</B
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox Usermay be overridden on a per-server basis by using the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>transfers-in</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The maximum number of inbound zone transfers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthat can be running concurrently. The default value is <TT
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="literal"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>transfers-in</B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> may speed up the convergence
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userof slave zones, but it also may increase the load on the local system.</P
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>transfers-out</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The maximum number of outbound zone transfers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthat can be running concurrently. Zone transfer requests in excess
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof the limit will be refused. The default value is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>transfers-per-ns</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The maximum number of inbound zone transfers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthat can be concurrently transferring from a given remote nameserver.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe default value is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. Increasing <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>transfers-per-ns</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinspeed up the convergence of slave zones, but it also may increase
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe load on the remote nameserver. <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
9011c72c568aedd03709f56f21d639fd55944a74Automatic Updater>transfers-per-ns</B
9011c72c568aedd03709f56f21d639fd55944a74Automatic Updaterbe overridden on a per-server basis by using the <B
9011c72c568aedd03709f56f21d639fd55944a74Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>transfers</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews> statement.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>transfer-source</B
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews>transfer-source</B
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrewswhich local address will be bound to IPv4 TCP connections used to
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updaterfetch zones transferred inbound by the server. It also determines
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox Userthe source IPv4 address, and optionally the UDP port, used for the
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updaterrefresh queries and forwarded dynamic updates. If not set, it defaults
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updaterto a system controlled value which will usually be the address of
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updaterthe interface "closest to" the remote end. This address must appear
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsin the remote end's <B
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater>allow-transfer</B
d3907d27cc138f45772d3d63082ae02c7659148aAutomatic Updaterthe zone being transferred, if one is specified. This statement
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews>transfer-source</B
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews> for all zones, but can
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsbe overridden on a per-view or per-zone basis by including a
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic UpdaterCLASS="command"
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic Updater>transfer-source</B
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic Updater> statement within the
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic UpdaterCLASS="command"
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic UpdaterCLASS="command"
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic Updaterin the configuration file.</P
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic UpdaterCLASS="command"
9d5a84057d77e1de7ccdcf3cfdeff78db4706fb8Automatic Updater>transfer-source-v6</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>The same as <B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>transfer-source</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox Userexcept zone transfers are performed using IPv6.</P
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>notify-source</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>notify-source</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox Userwhich local source address, and optionally UDP port, will be used to
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox Usersend NOTIFY messages.
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserThis address must appear in the slave server's <B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox Userzone clause or in an <B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>allow-notify</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserThis statement sets the <B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>notify-source</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User> for all zones,
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox Userbut can be overridden on a per-zone / per-view basis by including a
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>notify-source</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User> statement within the <B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User> block in the configuration file.</P
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>notify-source-v6</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox UserCLASS="command"
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox User>notify-source</B
e67b52444aa179d82a1dea2da9bd4388ce7ded52Tinderbox Userbut applies to notify messages sent to IPv6 addresses.</P
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="sect3"
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsNAME="AEN2656"
c25877b3630eee1da5b942aaa924cba831b89328Automatic Updater>6.2.14.7. Operating System Resource Limits</A
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews>The server's usage of many system resources can be limited.
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsScaled values are allowed when specifying resource limits. For
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews> can be used instead of
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews>1073741824</B
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews> to specify a limit of one
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews>unlimited</B
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews> requests unlimited use, or the
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsmaximum available amount. <B
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews> uses the limit
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrewsthat was in force when the server was started. See the description of
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark AndrewsCLASS="command"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews>size_spec</B
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsHREF="Bv9ARM.ch06.html#configuration_file_elements"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews>Section 6.1</A
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews>The following options set operating system resource limits for
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsthe name server process. Some operating systems don't support some or
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsany of the limits. On such systems, a warning will be issued if the
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrewsunsupported limit is used.</P
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="variablelist"
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews>The maximum size of a core dump. The default
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="literal"
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="command"
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrews>The maximum amount of data memory the server
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsmay use. The default is <TT
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsCLASS="literal"
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsThis is a hard limit on server memory usage.
1586d8cbac5d73031716561386f60758c6c332d5Mark AndrewsIf the server attempts to allocate memory in excess of this
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewslimit, the allocation will fail, which may in turn leave
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsthe server unable to perform DNS service. Therefore,
1586d8cbac5d73031716561386f60758c6c332d5Mark Andrewsthis option is rarely useful as a way of limiting the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinamount of memory used by the server, but it can be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto raise an operating system data size limit that is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewstoo small by default. If you wish to limit the amount
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsof memory used by the server, use the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>max-adb-size</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>max-cache-size</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>recursive-clients</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoptions instead.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>The maximum number of files the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmay have open concurrently. The default is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>unlimited</TT
df6faef67126d1277b0f21defd41c54994bf6fcfMark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>stacksize</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The maximum amount of stack memory the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmay use. The default is <TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="literal"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="sect3"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="sect3"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN2694"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2.14.8. Server Resource Limits</A
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>The following options set limits on the server's
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsresource consumption that are enforced internally by the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinserver rather than the operating system.</P
df6faef67126d1277b0f21defd41c54994bf6fcfMark AndrewsCLASS="variablelist"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>max-ixfr-log-size</B
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews>This option is obsolete; it is accepted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand ignored for BIND 8 compatibility.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>recursive-clients</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The maximum number of simultaneous recursive lookups
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe server will perform on behalf of clients. The default is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. Because each recursing clients uses a fair
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterbit of memory, on the order of 20 kilobytes, the value of the
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>recursive-clients</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater> option may have to be decreased
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updateron hosts with limited memory.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>tcp-clients</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>The maximum number of simultaneous client TCP
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterconnections that the server will accept.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterThe default is <TT
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="literal"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>max-adb-size</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>The server maintains a per view cache of remote
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterserver characteristics including addresses constructed from A6
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterchains. The amount of memory used for this cache can be set via
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>max-adb-size</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>max-cache-size</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater> if that is set otherwise it is
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="literal"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>, meaning that records are purged from
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterthe cache only when their TTLs expire.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>max-cache-size</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>The maximum amount of memory to use for the
e31a258ca6ef845faf483fa8f04921e8841d3213Tinderbox Userserver's cache, in bytes. When the amount of data in the cache
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterreaches this limit, the server will cause records to expire
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterprematurely so that the limit is not exceeded. In a server with
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updatermultiple views, the limit applies separately to the cache of each
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterview. The default is <TT
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="literal"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>, meaning that
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterrecords are purged from the cache only when their TTLs expire.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>6.2.14.9. Periodic Task Intervals</A
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="variablelist"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>cleaning-interval</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>The server will remove expired resource records
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterfrom the cache every <B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>cleaning-interval</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterThe default is 60 minutes.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterIf set to 0, no periodic cleaning will occur.</P
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>heartbeat-interval</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>The server will perform zone maintenance tasks
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterfor all zones marked as <B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater> whenever this
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterinterval expires. The default is 60 minutes. Reasonable values are up
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterto 1 day (1440 minutes). If set to 0, no zone maintenance for these zones will occur.</P
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>interface-interval</B
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>The server will scan the network interface list
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic UpdaterCLASS="command"
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater>interface-interval</B
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic Updater> minutes. The default
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic Updateris 60 minutes. If set to 0, interface scanning will only occur when
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox Userthe configuration file is loaded. After the scan, listeners will be
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic Updaterstarted on any new interfaces (provided they are allowed by the
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserCLASS="command"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater> configuration). Listeners on interfaces
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updaterthat have gone away will be cleaned up.</P
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterCLASS="command"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater>statistics-interval</B
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic Updater>Nameserver statistics will be logged
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterCLASS="command"
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User>statistics-interval</B
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User> minutes. The default is
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User60. If set to 0, no statistics will be logged.</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>Not yet implemented in <SPAN
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="acronym"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserNAME="topology"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>6.2.14.10. Topology</A
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>All other things being equal, when the server chooses a nameserver
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userto query from a list of nameservers, it prefers the one that is
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Usertopologically closest to itself. The <B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>address_match_list</B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User> and interprets it
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userin a special way. Each top-level list element is assigned a distance.
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserNon-negated elements get a distance based on their position in the
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userlist, where the closer the match is to the start of the list, the
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Usershorter the distance is between it and the server. A negated match
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userwill be assigned the maximum distance from the server. If there
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useris no match, the address will get a distance which is further than
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userany non-negated list element, and closer than any negated element.
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserFor example,</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="programlisting"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>will prefer servers on network 10 the most, followed by hosts
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useron network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userexception of hosts on network 1.2.3 (netmask 255.255.255.0), which
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useris preferred least of all.</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>The default topology is</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="programlisting"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User> topology { localhost; localnets; };
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useris not implemented in <SPAN
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="acronym"
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserNAME="the_sortlist_statement"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>6.2.14.11. The <B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater>The response to a DNS query may consist of multiple resource
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userrecords (RRs) forming a resource records set (RRset).
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserThe name server will normally return the
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterRRs within the RRset in an indeterminate order
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox User(but see the <B
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserCLASS="command"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater>rrset-order</B
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updaterstatement in <A
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterHREF="Bv9ARM.ch06.html#rrset_ordering"
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox User>Section 6.2.14.12</A
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterThe client resolver code should rearrange the RRs as appropriate,
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updaterthat is, using any addresses on the local net in preference to other addresses.
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterHowever, not all resolvers can do this or are correctly configured.
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterWhen a client is using a local server the sorting can be performed
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updaterin the server, based on the client's address. This only requires
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updaterconfiguring the nameservers, not all the clients.</P
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> statement (see below) takes
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>address_match_list</B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User> and interprets it even
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Usermore specifically than the <B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater>Section 6.2.14.10</A
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserEach top level statement in the <B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useritself be an explicit <B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>address_match_list</B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userone or two elements. The first element (which may be an IP address,
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useran IP prefix, an ACL name or a nested <B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>address_match_list</B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userof each top level list is checked against the source address of
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userthe query until a match is found.</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>Once the source address of the query has been matched, if
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userthe top level statement contains only one element, the actual primitive
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userelement that matched the source address is used to select the address
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userin the response to move to the beginning of the response. If the
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userstatement is a list of two elements, then the second element is
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Usertreated the same as the <B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>address_match_list</B
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User> statement. Each top level element
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useris assigned a distance and the address in the response with the minimum
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userdistance is moved to the beginning of the response.</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>In the following example, any queries received from any of
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userthe addresses of the host itself will get responses preferring addresses
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useron any of the locally connected networks. Next most preferred are addresses
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useron the 192.168.1/24 network, and after that either the 192.168.2/24
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User192.168.3/24 network with no preference shown between these two
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Usernetworks. Queries received from a host on the 192.168.1/24 network
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userwill prefer other addresses on that network to the 192.168.2/24
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User192.168.3/24 networks. Queries received from a host on the 192.168.4/24
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Useror the 192.168.5/24 network will only prefer other addresses on
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Usertheir directly connected networks.</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="programlisting"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User { localhost; // IF the local host
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User { localnets; // THEN first fit on the
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater { 192.168.1/24; // THEN use .1, or .2 or .3
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater { 192.168.2/24; // IF on class C 192.168.2
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>The following example will give reasonable behavior for the
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userlocal host and hosts on directly connected networks. It is similar
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userto the behavior of the address sort in <SPAN
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="acronym"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User> 4.9.x. Responses sent
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userto queries from the local host will favor any of the directly connected
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Usernetworks. Responses sent to queries from any other hosts on a directly
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userconnected network will prefer addresses on that same network. Responses
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userto other queries will not be sorted.</P
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="programlisting"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User { localhost; localnets; };
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User { localnets; };
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserNAME="rrset_ordering"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>6.2.14.12. RRset Ordering</A
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>When multiple records are returned in an answer it may be
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updateruseful to configure the order of the records placed into the response.
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>rrset-order</B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> statement permits configuration
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userof the ordering of the records in a multiple record response.
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserSee also the <B
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserCLASS="command"
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserHREF="Bv9ARM.ch06.html#the_sortlist_statement"
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox User>Section 6.2.14.11</A
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>order_spec</B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> is defined as follows:</P
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="programlisting"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="optional"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="replaceable"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>class_name</I
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="optional"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="replaceable"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="optional"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCLASS="replaceable"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>"domain_name"</I
892503bd484c106493e3c8053155b364a522ec03Tinderbox UserCLASS="replaceable"
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox User>If no class is specified, the default is <B
29651c3a80835482fa1612c24653c9b0c0e2e205Tinderbox UserCLASS="command"
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterIf no type is specified, the default is <B
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterCLASS="command"
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterIf no name is specified, the default is "<B
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterCLASS="command"
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic Updater>The legal values for <B
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterCLASS="command"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterCLASS="informaltable"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserNAME="AEN2818"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserCELLPADDING="3"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterCLASS="CALSTABLE"
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterVALIGN="MIDDLE"
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic UpdaterCLASS="command"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox UserVALIGN="MIDDLE"
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox User>Records are returned in the order they
c11135d39e82f0cd1c67869c535f4af77cd8eda6Tinderbox Userare defined in the zone file.</P
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox UserVALIGN="MIDDLE"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox UserVALIGN="MIDDLE"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>Records are returned in some random order.</P
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserVALIGN="MIDDLE"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserVALIGN="MIDDLE"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>Records are returned in a round-robin
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>For example:</P
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserCLASS="programlisting"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>rrset-order {
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User class IN type A name "host.example.com" order random;
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User order cyclic;
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>will cause any responses for type A records in class IN that
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserCLASS="literal"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>" as a suffix, to always be returned
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Userin random order. All other records are returned in cyclic order.</P
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>If multiple <B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>rrset-order</B
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User> statements appear,
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Userthey are not combined — the last one applies.</P
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserCLASS="command"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>rrset-order</B
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Useris not yet implemented in <SPAN
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserCLASS="acronym"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserBIND 9 currently supports only a "random-cyclic" ordering,
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userwhere the server randomly chooses a starting point within
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Userthe RRset and returns the records in order starting at
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Userthat point, wrapping around the end of the RRset if
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserNAME="synthesis"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>6.2.14.13. Synthetic IPv6 responses</A
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>Many existing stub resolvers support IPv6 DNS lookups as defined in
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserRFC1886, using AAAA records for forward lookups and "nibble labels" in
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="literal"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> domain for reverse lookups, but do not support
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserRFC2874-style lookups (using A6 records and binary labels in the
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserCLASS="literal"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>For those who wish to continue to use such stub resolvers rather than
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Userswitching to the BIND 9 lightweight resolver, BIND 9 provides a way
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Userto automatically convert RFC1886-style lookups into
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserRFC2874-style lookups and return the results as "synthetic" AAAA and
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserPTR records.</P
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>This feature is disabled by default and can be enabled on a per-client
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userbasis by adding a
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>allow-v6-synthesis { <TT
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="replaceable"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>address_match_list</I
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userclause to the <B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User When it is enabled, recursive
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserAAAA queries cause the server to first try an A6 lookup and if that
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userfails, an AAAA lookups. No matter which one succeeds, the results are
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userreturned as a set of synthetic AAAA records. Similarly, recursive PTR
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userqueries in <TT
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="literal"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User> will cause a
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="literal"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User> using binary
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userlabels, and if that fails, another lookup in <TT
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="literal"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserThe results are returned as a synthetic PTR record in
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="literal"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>The synthetic records have a TTL of zero. DNSSEC validation of
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Usersynthetic responses is not currently supported; therefore responses
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Usercontaining synthetic RRs will not have the AD flag set.</P
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>6.2.14.14. Tuning</A
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="variablelist"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>Sets the number of seconds to cache a
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userlame server indication. 0 disables caching. (This is
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="emphasis"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> recommended.)
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserDefault is <TT
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="literal"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> (10 minutes). Maximum value is
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="literal"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User> (30 minutes).</P
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserCLASS="command"
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User>max-ncache-ttl</B
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User>To reduce network traffic and increase performance
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox Userthe server stores negative answers. <B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>max-ncache-ttl</B
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox Userused to set a maximum retention time for these answers in the server
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox Userin seconds. The default
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox UserCLASS="command"
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User>max-ncache-ttl</B
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox UserCLASS="literal"
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User> seconds (3 hours).
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox UserCLASS="command"
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User>max-ncache-ttl</B
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User> cannot exceed 7 days and will
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userbe silently truncated to 7 days if set to a greater value.</P
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>max-cache-ttl</B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>max-cache-ttl</B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userthe maximum time for which the server will cache ordinary (positive)
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Useranswers. The default is one week (7 days).</P
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>The minimum number of root servers that
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Useris required for a request for the root servers to be accepted. Default
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="userinput"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>Not yet implemented in <SPAN
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="acronym"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="command"
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox User>sig-validity-interval</B
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>Specifies the number of days into the
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userfuture when DNSSEC signatures automatically generated as a result
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userof dynamic updates (<A
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserHREF="Bv9ARM.ch04.html#dynamic_update"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>Section 4.1</A
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userwill expire. The default is <TT
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="literal"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User> days. The signature
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userinception time is unconditionally set to one hour before the current time
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userto allow for a limited amount of clock skew.</P
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>min-refresh-time</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>max-refresh-time</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>min-retry-time</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserCLASS="command"
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User>max-retry-time</B
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User> These options control the server's behavior on refreshing a zone
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox User(querying for SOA changes) or retrying failed transfers.
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox UserUsually the SOA values for the zone are used, but these values
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Userare set by the master, giving slave server administrators little
65f32cd8bf0924a9d7b7fde03d1a45407dc6f422Tinderbox Usercontrol over their contents.
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User> These options allow the administrator to set a minimum and maximum
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userrefresh and retry time either per-zone, per-view, or per-server.
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserThese options are valid for master, slave and stub zones,
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userand clamp the SOA refresh and retry times to the specified values.
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserNAME="statsfile"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>6.2.14.15. The Statistics File</A
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User>The statistics file generated by <SPAN
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserCLASS="acronym"
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Useris similar, but not identical, to that
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox Usergenerated by <SPAN
5329b4137e5c0c309e589d1b019014dc6a383e3dAutomatic UpdaterCLASS="acronym"
a53c45b2b8e778663ea51834272169dc946b6672Mark Andrews>The statistics dump begins with the line <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>+++ Statistics Dump
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein+++ (973798949)</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, where the number in parentheses is a standard
00124ad0406365d39f4b2d1011ef6a76706e9df0Mark AndrewsUnix-style timestamp, measured as seconds since January 1, 1970. Following
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Userthat line are a series of lines containing a counter type, the value of the
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrewscounter, optionally a zone name, and optionally a view name.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe lines without view and zone listed are global statistics for the entire server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinLines with a zone and view name for the given view and zone (the view name is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinomitted for the default view). The statistics dump ends
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userwith the line <B
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>--- Statistics Dump --- (973798949)</B
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updaternumber is identical to the number in the beginning line.</P
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater>The following statistics counters are maintained:</P
a404eb87dc8f91fe81bedce8bb3957fc3c7684a5Mark AndrewsCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The number of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsuccessful queries made to the server or zone. A successful query
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis defined as query which returns a NOERROR response with at least
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinone answer RR.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The number of queries which resulted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinin referral responses.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The number of queries which resulted in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNOERROR responses with no data.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic UpdaterVALIGN="MIDDLE"
04bbadfbcb8a755cb208c4034073a3c0eb96b9aaTinderbox Userof queries which resulted in NXDOMAIN responses.</P
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic UpdaterVALIGN="MIDDLE"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="command"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserVALIGN="MIDDLE"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User>The number of queries which resulted in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfailure response other than those above.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>recursion</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The number of queries which caused the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto perform recursion in order to find the final answer.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Each query received by the server will cause exactly one of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrewsto be incremented, and may additionally cause the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>recursion</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> counter to be incremented.
dca44b90c96352111e0f1cdfdeccde1a13732161Mark AndrewsCLASS="sect2"
dca44b90c96352111e0f1cdfdeccde1a13732161Mark AndrewsCLASS="sect2"
dca44b90c96352111e0f1cdfdeccde1a13732161Mark AndrewsNAME="server_statement_grammar"
dca44b90c96352111e0f1cdfdeccde1a13732161Mark AndrewsCLASS="command"
dca44b90c96352111e0f1cdfdeccde1a13732161Mark Andrews> Statement Grammar</A
dca44b90c96352111e0f1cdfdeccde1a13732161Mark AndrewsCLASS="programlisting"
dca44b90c96352111e0f1cdfdeccde1a13732161Mark AndrewsCLASS="replaceable"
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="optional"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="replaceable"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="optional"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater> provide-ixfr <TT
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="replaceable"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="optional"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater> request-ixfr <TT
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox UserCLASS="replaceable"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="optional"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="replaceable"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="optional"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater> transfers <TT
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="replaceable"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="optional"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater> transfer-format <TT
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="replaceable"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater>( one-answer | many-answers )</I
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="optional"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic UpdaterCLASS="replaceable"
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User>{ string ; [<SPAN
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox UserCLASS="optional"
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User> string ; [<SPAN
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox UserCLASS="optional"
9c1210a508fa246d62ca7d9a52f1d8b19d0ccf48Tinderbox UserNAME="server_statement_definition_and_usage"
9c1210a508fa246d62ca7d9a52f1d8b19d0ccf48Tinderbox UserCLASS="command"
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User> Statement Definition and Usage</A
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox UserCLASS="command"
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User> statement defines characteristics
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox Userto be associated with a remote nameserver.</P
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox UserCLASS="command"
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User> statement can occur at the top level of the
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox Userconfiguration file or inside a <B
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox UserCLASS="command"
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox UserCLASS="command"
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User> statement contains
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox Userone or more <B
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox UserCLASS="command"
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User> statements, only those
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox Userapply to the view and any top-level ones are ignored.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox UserIf a view contains no <B
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox UserCLASS="command"
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox Userany top-level <B
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox UserCLASS="command"
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater> statements are used as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>If you discover that a remote server is giving out bad data,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmarking it as bogus will prevent further queries to it. The default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
6101b9f0d904a708e900a74abc16d1e0eda67264Mark AndrewsCLASS="command"
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews>provide-ixfr</B
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews> clause determines whether
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrewsthe local server, acting as master, will respond with an incremental
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrewszone transfer when the given remote server, a slave, requests it.
6101b9f0d904a708e900a74abc16d1e0eda67264Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, incremental transfer will be provided
dcb551033f0b33eb5c113169750a61084d8250a1Mark Andrewswhenever possible. If set to <B
6101b9f0d904a708e900a74abc16d1e0eda67264Mark AndrewsCLASS="command"
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrews>, all transfers
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrewsto the remote server will be nonincremental. If not set, the value
6101b9f0d904a708e900a74abc16d1e0eda67264Mark AndrewsCLASS="command"
dcb551033f0b33eb5c113169750a61084d8250a1Mark Andrews>provide-ixfr</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option in the view or
6101b9f0d904a708e900a74abc16d1e0eda67264Mark Andrewsglobal options block is used as a default.</P
6101b9f0d904a708e900a74abc16d1e0eda67264Mark AndrewsCLASS="command"
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater>request-ixfr</B
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater> clause determines whether
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updaterthe local server, acting as a slave, will request incremental zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeintransfers from the given remote server, a master. If not set, the
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updatervalue of the <B
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic UpdaterCLASS="command"
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updater>request-ixfr</B
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updater> option in the view or
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updaterglobal options block is used as a default.</P
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updater>IXFR requests to servers that do not support IXFR will automatically
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updaterfall back to AXFR. Therefore, there is no need to manually list
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updaterwhich servers support IXFR and which ones do not; the global default
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="command"
ba713ac34af236ef867cc27288e599659379cd66Tinderbox User> should always work.
ba713ac34af236ef867cc27288e599659379cd66Tinderbox UserThe purpose of the <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>provide-ixfr</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater>request-ixfr</B
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic Updaterto make it possible to disable the use of IXFR even when both master
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updaterand slave claim to support it, for example if one of the servers
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updateris buggy and crashes or corrupts data when IXFR is used.</P
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> clause determines whether the local server
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updaterwill attempt to use EDNS when communicating with the remote server. The
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>The server supports two zone transfer methods. The first, <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updateruses one DNS message per resource record transferred. <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>many-answers</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updateras many resource records as possible into a message. <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>many-answers</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updatermore efficient, but is only known to be understood by <SPAN
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="acronym"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="acronym"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="acronym"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> 4.9.5. You can specify which method
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updaterto use for a server with the <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>transfer-format</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>transfer-format</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> is not specified, the <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>transfer-format</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> statement will be used.</P
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> is used to limit the number of
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updaterconcurrent inbound zone transfers from the specified server. If
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> clause is specified, the limit is
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updaterset according to the <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater>transfers-per-ns</B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> clause is used to identify a <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater> statement, to be used for transaction
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updatersecurity when talking to the remote server. The <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updatermust come before the <B
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic UpdaterCLASS="command"
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic Updater> statement that references
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic Updaterit. When a request is sent to the remote server, a request signature
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic Updaterwill be generated using the key specified here and appended to the
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic Updatermessage. A request originating from the remote server is not required
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic Updaterto be signed by this key.</P
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic Updater>Although the grammar of the <B
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic UpdaterCLASS="command"
8e821eea5f57ac47a94305aa7ab0c3570d92a311Automatic Updaterallows for multiple keys, only a single key per server is currently
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox UserNAME="AEN3052"
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox UserCLASS="command"
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User>trusted-keys</B
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User> Statement Grammar</A
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic UpdaterCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>trusted-keys {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3068"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>trusted-keys</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Statement Definition
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>trusted-keys</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement defines DNSSEC
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsecurity roots. DNSSEC is described in <A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 4.7</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. A security root is defined when the public key for a non-authoritative
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone is known, but cannot be securely obtained through DNS, either
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbecause it is the DNS root zone or its parent zone is unsigned.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinOnce a key has been configured as a trusted key, it is treated as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinif it had been validated and proven secure. The resolver attempts
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinDNSSEC validation on all DNS data in subdomains of a security root.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>trusted-keys</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement can contain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmultiple key entries, each consisting of the key's domain name,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinflags, protocol, algorithm, and the base-64 representation of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater> Statement Grammar</A
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="replaceable"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater match-clients { <TT
ac93437301f55ed69bf85883a497a75598c628f9Automatic UpdaterCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce match-destinations { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein match-recursive-only { <TT
a53c45b2b8e778663ea51834272169dc946b6672Mark AndrewsCLASS="replaceable"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>yes_or_no</I
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox UserCLASS="optional"
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox UserCLASS="replaceable"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>view_option</I
7be2f6d5df28b207e3e385c555eb4f740150528dTinderbox UserCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
43b94483957d3168796a816ed86cf097518817dcTinderbox User>zone_statement</I
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="sect2"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsNAME="AEN3090"
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark AndrewsCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> Statement Definition and Usage</A
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="command"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> statement is a powerful new feature
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="acronym"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> 9 that lets a name server answer a DNS query differently
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewsdepending on who is asking. It is particularly useful for implementing
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewssplit DNS setups without having to run multiple servers.</P
a17029519ef25b7cb545d574b728dc81b0ab74fdTinderbox UserCLASS="command"
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic Updater> statement defines a view of the
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox UserDNS namespace that will be seen by a subset of clients. A client matches
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewsa view if its source IP address matches the
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="varname"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews>address_match_list</TT
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> of the view's
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews>match-clients</B
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> clause and its destination IP address matches
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox UserCLASS="varname"
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic Updater>address_match_list</TT
db6353c9b89628e16f6e729ce57baabad3460c49Automatic Updater> of the view's
6bf6622b7b9053dc52527478473b572f042c4b5bMark AndrewsCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>match-destinations</B
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater> clause. If not specified, both
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic UpdaterCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews>match-clients</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
43b94483957d3168796a816ed86cf097518817dcTinderbox User>match-destinations</B
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic Updaterdefault to matching all addresses. A view can also be specified
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>match-recursive-only</B
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic Updater>, which means that only recursive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinrequests from matching clients will match that view.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe order of the <B
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User> statements is significant —
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updatera client request will be resolved in the context of the first
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> that it matches.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Zones defined within a <B
7526edc7677371c366232de5f39a678b7dcda747Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement will
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userbe only be accessible to clients that match the <B
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User By defining a zone of the same name in multiple views, different
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userzone data can be given to different clients, for example, "internal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand "external" clients in a split DNS setup.</P
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User>Many of the options given in the <B
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox UserCLASS="command"
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox Usercan also be used within a <B
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement, and then
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinapply only when resolving queries with that view. When no view-specific
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinvalue is given, the value in the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
15d29ab5fe89ad45b13ab8dcb74093f682a95986Tinderbox Useris used as a default. Also, zone options can have default values specified
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> statement; these view-specific defaults
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewstake precedence over those in the <B
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> statement.</P
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews>Views are class specific. If no class is given, class IN
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewsis assumed. Note that all non-IN views must contain a hint zone,
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewssince only the IN class has compiled-in default hints.</P
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews>If there are no <B
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> statements in the config
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewsfile, a default view that matches any client is automatically created
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewsin class IN, and any <B
43b94483957d3168796a816ed86cf097518817dcTinderbox UserCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User> statements specified on
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox Userthe top level of the configuration file are considered to be part of
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updaterthis default view. If any explicit <B
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewsare present, all <B
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="command"
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater> statements must occur inside
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox UserCLASS="command"
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User> statements.</P
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews>Here is an example of a typical split DNS setup implemented
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="command"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews> statements.</P
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="programlisting"
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews>view "internal" {
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews // This should match our internal networks.
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater match-clients { 10.0.0.0/8; };
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater // Provide recursive service to internal clients only.
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater recursion yes;
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater // Provide a complete view of the example.com zone
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater // including addresses of internal hosts.
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrewsview "external" {
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User match-clients { any; };
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews // Refuse recursive service to external clients.
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews recursion no;
885c1096e0c296b0188f01ca7511df1f70a6cddaMark Andrews // Provide a restricted view of the example.com zone
8a8d38eb8e5f853835df2f6799ce0d3d7ecf8be6Automatic Updater // containing only publicly accessible hosts.
885c1096e0c296b0188f01ca7511df1f70a6cddaMark AndrewsCLASS="sect2"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserNAME="zone_statement_grammar"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinStatement Grammar</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>zone_name</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type ( master | slave | hint | stub | forward ) ;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-notify { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-query { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-transfer { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-update { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> update-policy { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>update_policy_rule</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>] } ; </SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> allow-update-forwarding { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>address_match_list</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> also-notify { <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
71c66a876ecca77923638d3f94cc0783152b2f03Mark AndrewsCLASS="optional"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>] ; ... </SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> check-names (<TT
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>dialup_option</I
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="optional"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="replaceable"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="optional"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="constant"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="constant"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="optional"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater> forwarders { <TT
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="replaceable"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="optional"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="replaceable"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="optional"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="replaceable"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="optional"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>] ; ... </SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> ixfr-base <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> ixfr-tmp-file <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews> maintain-ixfr-base <TT
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> masters [<SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
8a8d38eb8e5f853835df2f6799ce0d3d7ecf8be6Automatic UpdaterCLASS="optional"
8a8d38eb8e5f853835df2f6799ce0d3d7ecf8be6Automatic UpdaterCLASS="replaceable"
c387825f77476d046f4b3491e646889693209bd2Tinderbox UserCLASS="optional"
8a8d38eb8e5f853835df2f6799ce0d3d7ecf8be6Automatic UpdaterCLASS="optional"
8a8d38eb8e5f853835df2f6799ce0d3d7ecf8be6Automatic Updater> max-ixfr-log-size <TT
8a8d38eb8e5f853835df2f6799ce0d3d7ecf8be6Automatic UpdaterCLASS="replaceable"
c387825f77476d046f4b3491e646889693209bd2Tinderbox UserCLASS="optional"
c387825f77476d046f4b3491e646889693209bd2Tinderbox User> max-transfer-idle-in <TT
c387825f77476d046f4b3491e646889693209bd2Tinderbox UserCLASS="replaceable"
c387825f77476d046f4b3491e646889693209bd2Tinderbox UserCLASS="optional"
c387825f77476d046f4b3491e646889693209bd2Tinderbox User> max-transfer-idle-out <TT
c387825f77476d046f4b3491e646889693209bd2Tinderbox UserCLASS="replaceable"
c387825f77476d046f4b3491e646889693209bd2Tinderbox UserCLASS="optional"
e658a6635dfdf44bd61e13c37b93f5ba30edb07aTinderbox User> max-transfer-time-in <TT
e658a6635dfdf44bd61e13c37b93f5ba30edb07aTinderbox UserCLASS="replaceable"
e658a6635dfdf44bd61e13c37b93f5ba30edb07aTinderbox UserCLASS="optional"
e658a6635dfdf44bd61e13c37b93f5ba30edb07aTinderbox User> max-transfer-time-out <TT
e658a6635dfdf44bd61e13c37b93f5ba30edb07aTinderbox UserCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>yes_or_no</I
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> transfer-source (<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark AndrewsCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> transfer-source-v6 (<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark AndrewsCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> notify-source (<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> notify-source-v6 (<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic UpdaterCLASS="constant"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater> zone-statistics <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
3a3705ef7747327df182bf8d009333d2472253d5Mark Andrews>yes_or_no</I
7be2f6d5df28b207e3e385c555eb4f740150528dTinderbox UserCLASS="optional"
7be2f6d5df28b207e3e385c555eb4f740150528dTinderbox User> sig-validity-interval <TT
7be2f6d5df28b207e3e385c555eb4f740150528dTinderbox UserCLASS="replaceable"
a057e8e33baa5fa369be28a9680585200ce3ff73Mark AndrewsCLASS="optional"
a057e8e33baa5fa369be28a9680585200ce3ff73Mark Andrews> database <TT
a057e8e33baa5fa369be28a9680585200ce3ff73Mark AndrewsCLASS="replaceable"
3a3705ef7747327df182bf8d009333d2472253d5Mark AndrewsCLASS="optional"
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews> min-refresh-time <TT
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark AndrewsCLASS="replaceable"
083a5588a3488b6335ee7bafa505d00644c7c58dMark AndrewsCLASS="optional"
083a5588a3488b6335ee7bafa505d00644c7c58dMark Andrews> max-refresh-time <TT
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic UpdaterCLASS="replaceable"
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic UpdaterCLASS="optional"
8de0d8a6905e397ed0a26054815420685f9b435eAutomatic Updater> min-retry-time <TT
8de0d8a6905e397ed0a26054815420685f9b435eAutomatic UpdaterCLASS="replaceable"
6bf6622b7b9053dc52527478473b572f042c4b5bMark AndrewsCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> max-retry-time <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3241"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Statement Definition and Usage</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3244"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2.22.1. Zone Types</A
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCLASS="informaltable"
c96e7744e0da3accf075c966f9a3f0f8e50a2cf4Tinderbox UserNAME="AEN3246"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCELLPADDING="3"
38760f5b074d2974a56479fa8b3aeb4b89bf36c8Automatic UpdaterCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The server has a master copy of the data
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrewsfor the zone and will be able to provide authoritative answers for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark AndrewsVALIGN="MIDDLE"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews>A slave zone is a replica of a master
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic UpdaterCLASS="command"
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic Updater> list specifies one or more IP addresses
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic Updaterof master servers that the slave contacts to update its copy of the zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinBy default, transfers are made from port 53 on the servers; this can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbe changed for all servers by specifying a port number before the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlist of IP addresses, or on a per-server basis after the IP address.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinAuthentication to the master can also be done with per-server TSIG keys.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIf a file is specified, then the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinreplica will be written to this file whenever the zone is changed,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand reloaded from this file on a server restart. Use of a file is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinrecommended, since it often speeds server start-up and eliminates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina needless waste of bandwidth. Note that for large numbers (in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeintens or hundreds of thousands) of zones per server, it is best to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinuse a two level naming scheme for zone file names. For example,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina slave server for the zone <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> might place
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe zone contents into a file called
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinjust the first two letters of the zone name. (Most operating systems
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbehave very slowly if you put 100K files into a single directory.)</P
7526edc7677371c366232de5f39a678b7dcda747Mark AndrewsVALIGN="MIDDLE"
7526edc7677371c366232de5f39a678b7dcda747Mark AndrewsCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>A stub zone is similar to a slave zone,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinexcept that it replicates only the NS records of a master zone instead
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof the entire zone. Stub zones are not a standard part of the DNS;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthey are a feature specific to the <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> implementation.
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater>Stub zones can be used to eliminate the need for glue NS record
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterin a parent zone at the expense of maintaining a stub zone entry and
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updatera set of name server addresses in <TT
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="filename"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterThis usage is not recommended for new configurations, and BIND 9
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updatersupports it only in a limited way.
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="acronym"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater> 4/8, zone transfers of a parent zone
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterincluded the NS records from stub children of that zone. This meant
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterthat, in some cases, users could get away with configuring child stubs
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updateronly in the master server for the parent zone. <SPAN
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="acronym"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater9 never mixes together zone data from different zones in this
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterway. Therefore, if a <SPAN
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="acronym"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater> 9 master serving a parent
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterzone has child stub zones configured, all the slave servers for the
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterparent zone also need to have the same child stub zones
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater>Stub zones can also be used as a way of forcing the resolution
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterof a given domain to use a particular set of authoritative servers.
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterFor example, the caching name servers on a private network using
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterRFC2157 addressing may be configured with stub zones for
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="literal"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterto use a set of internal name servers as the authoritative
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterservers for that domain.</P
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterVALIGN="MIDDLE"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="varname"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterVALIGN="MIDDLE"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater>A "forward zone" is a way to configure
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updaterforwarding on a per-domain basis. A <B
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="command"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="command"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic Updater> can contain a <B
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="command"
b6f3a9131ec5bff166be3efb172c0492e53f932bAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>forwarders</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwhich will apply to queries within the domain given by the zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinname. If no <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> statement is present or
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updateran empty list for <B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> is given, then no
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterforwarding will be done for the domain, cancelling the effects of
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterany forwarders in the <B
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updater> statement. Thus
aeb7938001b22e811a910e1b36cdf452f9193865Automatic Updaterif you want to use this type of zone to change the behavior of the
aeb7938001b22e811a910e1b36cdf452f9193865Automatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option (that is, "forward first
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto", then "forward only", or vice versa, but want to use the same
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinservers as set globally) you need to respecify the global forwarders.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark AndrewsCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The initial set of root nameservers is
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrewsspecified using a "hint zone". When the server starts up, it uses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe root hints to find a root nameserver and get the most recent
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlist of root nameservers. If no hint zone is specified for class
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIN, the server uses a compiled-in default set of root servers hints.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinClasses other than IN have no built-in defaults hints.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3301"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2.22.2. Class</A
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic Updater>The zone's name may optionally be followed by a class. If
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic Updatera class is not specified, class <TT
ccc383f3a74bdf3559650c630bbca24b11d8f8aeAutomatic UpdaterCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Internet</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis assumed. This is correct for the vast majority of cases.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updaternamed for an information service from MIT's Project Athena. It is
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updaterused to share information about various systems databases, such
f7b2875691497b292eacb60609be23a813d14e63Automatic Updateras users, groups, printers and so on. The keyword
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="literal"
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updatera synonym for hesiod.</P
b7ce89b8ca18904810265cc0074d7d517c9a5c5cAutomatic Updater>Another MIT development is CHAOSnet, a LAN protocol created
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updaterin the mid-1970s. Zone data for it can be specified with the <TT
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="literal"
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater>6.2.22.3. Zone Options</A
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic UpdaterCLASS="variablelist"
db6353c9b89628e16f6e729ce57baabad3460c49Automatic UpdaterCLASS="command"
db6353c9b89628e16f6e729ce57baabad3460c49Automatic Updater>allow-notify</B
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater>See the description of
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic UpdaterCLASS="command"
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic Updater>allow-notify</B
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic UpdaterHREF="Bv9ARM.ch06.html#access_control"
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic Updater>Section 6.2.14.3</A
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic UpdaterCLASS="command"
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic Updater>allow-query</B
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic Updater>See the description of
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic UpdaterCLASS="command"
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic Updater>allow-query</B
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic UpdaterHREF="Bv9ARM.ch06.html#access_control"
06ac94d81a56d4acc2590cc98c1bae5c89b8eeebAutomatic Updater>Section 6.2.14.3</A
bafdc1ebe80e1bc359bfbb48aa88790c7bbdc749Automatic UpdaterCLASS="command"
bafdc1ebe80e1bc359bfbb48aa88790c7bbdc749Automatic Updater>allow-transfer</B
c978c6cb6e0c38d8378b6cd1f6b5aac3cf91e36aAutomatic Updater>See the description of <B
c978c6cb6e0c38d8378b6cd1f6b5aac3cf91e36aAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-transfer</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsHREF="Bv9ARM.ch06.html#access_control"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.14.3</A
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="command"
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User>allow-update</B
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User>Specifies which hosts are allowed to
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Usersubmit Dynamic DNS updates for master zones. The default is to deny
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox Userupdates from all hosts.</P
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic UpdaterCLASS="command"
b05106c7e68077d805893fbae006fae125494fd6Automatic Updater>update-policy</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Specifies a "Simple Secure Update" policy. See
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsHREF="Bv9ARM.ch06.html#dynamic_update_policies"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews>Section 6.2.22.4</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-update-forwarding</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Specifies which hosts are allowed to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsubmit Dynamic DNS updates to slave zones to be forwarded to the
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updatermaster. The default is <TT
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="userinput"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updatermeans that no update forwarding will be performed. To enable
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updaterupdate forwarding, specify
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews>allow-update-forwarding { any; };</B
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsSpecifying values other than <TT
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsCLASS="userinput"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews>{ none; }</B
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="userinput"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater> is usually counterproductive, since
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updaterthe responsibility for update access control should rest with the
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updatermaster server, not the slaves.</P
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>Note that enabling the update forwarding feature on a slave server
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updatermay expose master servers relying on insecure IP address based
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updateraccess control to attacks; see <A
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterHREF="Bv9ARM.ch07.html#dynamic_update_security"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>Section 7.3</A
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updaterfor more details.</P
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="command"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>also-notify</B
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>Only meaningful if <B
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="command"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updateractive for this zone. The set of machines that will receive a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater>DNS NOTIFY</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfor this zone is made up of all the listed nameservers (other than
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe primary master) for the zone plus any IP addresses specified
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="command"
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>also-notify</B
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic Updater>. A port may be specified
3cddb2c552ee6582e8db0849c28747f6b6ca57feAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>also-notify</B
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews> address to send the notify
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrewsmessages to a port other than the default of 53.
f4429c1c31ec32f05125baab1adcc4f09863f7afMark AndrewsCLASS="command"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>also-notify</B
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews> is not meaningful for stub zones.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe default is the empty list.</P
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsCLASS="command"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews>check-names</B
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews> This option was used in BIND 8 to restrict the character set of
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrewsdomain names in master files and/or DNS responses received from the
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrewsnetowrk. BIND 9 does not restrict the character set of domain names
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrewsand does not implement the <B
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark AndrewsCLASS="command"
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews>check-names</B
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="command"
3daad56dbb60acbdd1e8f59a1cfbfb03d364dba8Automatic Updater>Specify the type of database to be used for storing the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone data. The string following the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrewsis interpreted as a list of whitespace-delimited words. The first word
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrewsidentifies the database type, and any subsequent words are passed
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrewsas arguments to the database to be interpreted in a way specific
852ccdd42a71550c974111b49415204ffeca6573Automatic Updaterto the database type.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The default is <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, BIND 9's native in-memory
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinred-black-tree database. This database does not take arguments.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Other values are possible if additional database drivers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinhave been linked into the server. Some sample drivers are included
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwith the distribution but none are linked in by default.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>See the description of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#boolean_options"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.14.1</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Only meaningful if the zone has a forwarders
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater> value causes the lookup to fail
852ccdd42a71550c974111b49415204ffeca6573Automatic Updaterafter trying the forwarders and getting no answer, while <B
852ccdd42a71550c974111b49415204ffeca6573Automatic UpdaterCLASS="command"
852ccdd42a71550c974111b49415204ffeca6573Automatic Updaterallow a normal lookup to be tried.</P
852ccdd42a71550c974111b49415204ffeca6573Automatic UpdaterCLASS="command"
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater>Used to override the list of global forwarders.
852ccdd42a71550c974111b49415204ffeca6573Automatic UpdaterIf it is not specified in a zone of type <B
852ccdd42a71550c974111b49415204ffeca6573Automatic UpdaterCLASS="command"
852ccdd42a71550c974111b49415204ffeca6573Automatic Updaterno forwarding is done for the zone; the global options are not used.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>ixfr-base</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Was used in <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews> 8 to specify the name
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrewsof the transaction log (journal) file for dynamic update and IXFR.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 ignores the option and constructs the name of the journal
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfile by appending "<TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>" to the name of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone file.</P
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsCLASS="command"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>ixfr-tmp-file</B
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>Was an undocumented option in <SPAN
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsCLASS="acronym"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsIgnored in <SPAN
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="acronym"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsCLASS="command"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>max-transfer-time-in</B
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>See the description of
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsCLASS="command"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>max-transfer-time-in</B
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsHREF="Bv9ARM.ch06.html#zone_transfers"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>Section 6.2.14.6</A
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsCLASS="command"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>max-transfer-idle-in</B
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>See the description of
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsCLASS="command"
7f723eabc5768f576470cd9cc82fd4af200013a1Mark Andrews>max-transfer-idle-in</B
7f723eabc5768f576470cd9cc82fd4af200013a1Mark AndrewsHREF="Bv9ARM.ch06.html#zone_transfers"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>Section 6.2.14.6</A
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="command"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>max-transfer-time-out</B
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>See the description of
a17029519ef25b7cb545d574b728dc81b0ab74fdTinderbox UserCLASS="command"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>max-transfer-time-out</B
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterHREF="Bv9ARM.ch06.html#zone_transfers"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>Section 6.2.14.6</A
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="command"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>max-transfer-idle-out</B
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>See the description of
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="command"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>max-transfer-idle-out</B
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterHREF="Bv9ARM.ch06.html#zone_transfers"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>Section 6.2.14.6</A
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="command"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>See the description of
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="command"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterHREF="Bv9ARM.ch06.html#boolean_options"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater>Section 6.2.14.1</A
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="command"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic UpdaterCLASS="acronym"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater> 8, this option was intended for specifying
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updatera public zone key for verification of signatures in DNSSEC signed
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updaterzones when they are loaded from disk. <SPAN
a17029519ef25b7cb545d574b728dc81b0ab74fdTinderbox UserCLASS="acronym"
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updater> 9 does not verify signatures
93a5136c2b37df3232d2da4db2de60f29f6f1162Automatic Updateron loading and ignores the option.</P
f4429c1c31ec32f05125baab1adcc4f09863f7afMark AndrewsCLASS="command"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>zone-statistics</B
f4429c1c31ec32f05125baab1adcc4f09863f7afMark AndrewsCLASS="userinput"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>, the server will keep statistical
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrewsinformation for this zone, which can be dumped to the
f4429c1c31ec32f05125baab1adcc4f09863f7afMark AndrewsCLASS="command"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>statistics-file</B
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews> defined in the server options.</P
f4429c1c31ec32f05125baab1adcc4f09863f7afMark AndrewsCLASS="command"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>sig-validity-interval</B
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>See the description of
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic UpdaterCLASS="command"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>sig-validity-interval</B
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>Section 6.2.14.14</A
f4429c1c31ec32f05125baab1adcc4f09863f7afMark AndrewsCLASS="command"
f4429c1c31ec32f05125baab1adcc4f09863f7afMark Andrews>transfer-source</B
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>See the description of
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterCLASS="command"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>transfer-source</B
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterHREF="Bv9ARM.ch06.html#zone_transfers"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>Section 6.2.14.6</A
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterCLASS="command"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>transfer-source-v6</B
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>See the description of
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterCLASS="command"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>transfer-source-v6</B
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterHREF="Bv9ARM.ch06.html#zone_transfers"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>Section 6.2.14.6</A
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterCLASS="command"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>notify-source</B
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>See the description of
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterCLASS="command"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>notify-source</B
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterHREF="Bv9ARM.ch06.html#zone_transfers"
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic Updater>Section 6.2.14.6</A
610cd6f8458d88d5696e131aee310dcbcebac8fdAutomatic UpdaterCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>notify-source-v6</B
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater>See the description of
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic UpdaterCLASS="command"
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater>notify-source-v6</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#zone_transfers"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.14.6</A
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserCLASS="command"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>min-refresh-time</B
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserCLASS="command"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>max-refresh-time</B
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserCLASS="command"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>min-retry-time</B
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserCLASS="command"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>max-retry-time</B
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User> See the description in <A
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>Section 6.2.14.14</A
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserCLASS="command"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>ixfr-from-differences</B
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>See the description of
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserCLASS="command"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>ixfr-from-differences</B
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox UserHREF="Bv9ARM.ch06.html#boolean_options"
52cc3bd9c1f5f6123e7b30f65a110a8c3557a43cTinderbox User>Section 6.2.14.1</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserNAME="dynamic_update_policies"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.2.22.4. Dynamic Update Policies</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 supports two alternative methods of granting clients
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe right to perform dynamic updates to a zone,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinconfigured by the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-update</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>update-policy</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option, respectively.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-update</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> clause works the same
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinway as in previous versions of <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>. It grants given clients the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpermission to update any record of any name in the zone.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>update-policy</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> clause is new in <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein9 and allows more fine-grained control over what updates are allowed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinA set of rules is specified, where each rule either grants or denies
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpermissions for one or more names to be updated by one or more identities.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If the dynamic update request message is signed (that is, it includes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeineither a TSIG or SIG(0) record), the identity of the signer can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbe determined.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Rules are specified in the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>update-policy</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoption, and are only meaningful for master zones. When the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>update-policy</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis present, it is a configuration error for the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-update</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto be present. The <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>update-policy</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> statement only
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinexamines the signer of a message; the source address is not relevant.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This is how a rule definition looks:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
b05bdb520d83f7ecaad708fe305268c3420be01dMark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="optional"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Each rule grants or denies privileges. Once a message has
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewssuccessfully matched a rule, the operation is immediately granted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinor denied and no further rules are examined. A rule is matched
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwhen the signer matches the identity field, the name matches the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinname field, and the type is specified in the type field.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The identity field specifies a name or a wildcard name. The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnametype field has 4 values: <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>subdomain</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>wildcard</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN3552"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches when the updated name is the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsame as the name in the name field.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>subdomain</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches when the updated name is a subdomain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof the name in the name field (which includes the name itself).</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>wildcard</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches when the updated name is a valid
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinexpansion of the wildcard name in the name field.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="varname"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Matches when the updated name is the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updatersame as the message signer. The name field is ignored.</P
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater>If no types are specified, the rule matches all types except
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterSIG, NS, SOA, and NXT. Types may be specified by name, including
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater"ANY" (ANY matches all types except NXT, which can never be updated).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3582"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.3. Zone File</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="types_of_resource_records_and_when_to_use_them"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.3.1. Types of Resource Records and When to Use Them</A
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>This section, largely borrowed from RFC 1034, describes the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsconcept of a Resource Record (RR) and explains when each is used.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsSince the publication of RFC 1034, several new RRs have been identified
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsand implemented in the DNS. These are also included.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="sect3"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="sect3"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN3587"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>6.3.1.1. Resource Records</A
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>A domain name identifies a node. Each node has a set of
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews resource information, which may be empty. The set of resource
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews information associated with a particular name is composed of
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews separate RRs. The order of RRs in a set is not significant and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews need not be preserved by nameservers, resolvers, or other
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews parts of the DNS. However, sorting of multiple RRs is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews permitted for optimization purposes, for example, to specify
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews that a particular nearby server be tried first. See <A
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsHREF="Bv9ARM.ch06.html#the_sortlist_statement"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>Section 6.2.14.11</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch06.html#rrset_ordering"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section 6.2.14.12</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The components of a Resource Record are:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3593"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>owner name</P
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterVALIGN="MIDDLE"
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater>the domain name where the RR is found.</P
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>an encoded 16 bit value that specifies
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe type of the resource in this resource record. Types refer to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinabstract resources.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>the time to live of the RR. This field
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis a 32 bit integer in units of seconds, and is primarily used by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinresolvers when they cache RRs. The TTL describes how long a RR can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbe cached before it should be discarded.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>an encoded 16 bit value that identifies
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina protocol family or instance of a protocol.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews>the type and sometimes class-dependent
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindata that describes the resource.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The following are <I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> of valid RRs
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews(some of these listed, although not obsolete, are experimental (x)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinor historical (h) and no longer in general use):</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3625"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>a host address.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>an IPv6 address.</P
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic UpdaterVALIGN="MIDDLE"
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic UpdaterVALIGN="MIDDLE"
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater>Obsolete format of IPv6 address</P
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic UpdaterVALIGN="MIDDLE"
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic UpdaterVALIGN="MIDDLE"
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater>(x) location of AFS database servers.
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic UpdaterExperimental.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>identifies the canonical name of an alias.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>for delegation of reverse addresses.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinReplaces the domain name specified with another name to be looked
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinup. Described in RFC 2672.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>identifies the CPU and OS used by a host.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>(x) representation of ISDN addresses.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsExperimental.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>stores a public key associated with a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>(x) for storing GPS info. See RFC 1876.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsExperimental.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>identifies a mail exchange for the domain.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein See RFC 974 for details.</P
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterVALIGN="MIDDLE"
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>the authoritative nameserver for the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterVALIGN="MIDDLE"
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater>used in DNSSEC to securely indicate that
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterRRs with an owner name in a certain name interval do not exist in
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updatera zone and indicate what RR types are present for an existing name.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic UpdaterSee RFC 2535 for details.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>a pointer to another part of the domain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinname space.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>(x) information on persons responsible
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfor the domain. Experimental.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>(x) route-through binding for hosts that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindo not have their own direct wide area network addresses. Experimental.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>("signature") contains data authenticated
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinin the secure DNS. See RFC 2535 for details.</P
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark AndrewsVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>identifies the start of a zone of authority.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>information about well known network
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinservices (replaces WKS).</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>(h) information about which well known
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnetwork services, such as SMTP, that a domain supports. Historical,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinreplaced by newer RR SRV.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>(x) representation of X.25 network addresses. Experimental.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The following <I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> of resource records
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinare currently valid in the DNS:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3737"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>the Internet system.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>For information about other,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinolder classes of RRs, see <A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch09.html#classes_of_resource_records"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Section A.2.1</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> is the type-dependent or class-dependent
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindata that describes the resource:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3753"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>for the IN class, a 32 bit IP address.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>maps a domain name to an IPv6 address,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwith a provision for indirection for leading "prefix" bits.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>a domain name.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>provides alternate naming to an entire
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsubtree of the domain name space, rather than to a single node.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It causes some suffix of a queried name to be substituted with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina name from the DNAME record's RDATA.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>a 16 bit preference value (lower is better)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfollowed by a host name willing to act as a mail exchange for the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinowner domain.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>a fully qualified domain name.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>a fully qualified domain name.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>several fields.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The owner name is often implicit, rather than forming an integral
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpart of the RR. For example, many nameservers internally form tree
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinor hash structures for the name space, and chain RRs off nodes.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The remaining RR parts are the fixed header (type, class, TTL)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwhich is consistent for all RRs, and a variable part (RDATA) that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfits the needs of the resource being described.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The meaning of the TTL field is a time limit on how long an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinRR can be kept in a cache. This limit does not apply to authoritative
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindata in zones; it is also timed out, but by the refreshing policies
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfor the zone. The TTL is assigned by the administrator for the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone where the data originates. While short TTLs can be used to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinminimize caching, and a zero TTL prohibits caching, the realities
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof Internet performance suggest that these times should be on the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinorder of days for the typical host. If a change can be anticipated,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe TTL can be reduced prior to the change to minimize inconsistency
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsduring the change, and then increased back to its former value following
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsthe change.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The data in the RDATA section of RRs is carried as a combination
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof binary strings and domain names. The domain names are frequently
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinused as "pointers" to other data in the DNS.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect3"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN3801"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.3.1.2. Textual expression of RRs</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>RRs are represented in binary form in the packets of the DNS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinprotocol, and are usually represented in highly encoded form when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstored in a nameserver or resolver. In the examples provided in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinRFC 1034, a style similar to that used in master files was employed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinin order to show the contents of RRs. In this format, most RRs
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinare shown on a single line, although continuation lines are possible
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinusing parentheses.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The start of the line gives the owner of the RR. If a line
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinbegins with a blank, then the owner is assumed to be the same as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthat of the previous RR. Blank lines are often included for readability.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Following the owner, we list the TTL, type, and class of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinRR. Class and type use the mnemonics defined above, and TTL is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinan integer before the type field. In order to avoid ambiguity in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinparsing, type and class mnemonics are disjoint, TTLs are integers,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand the type mnemonic is always last. The IN class and TTL values
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinare often omitted from examples in the interests of clarity.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The resource data or RDATA section of the RR are given using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinknowledge of the typical representation for the data.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>For example, we might show the RRs carried in a message as:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3808"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>128.9.0.32</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>10.1.0.52</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>10.2.0.27</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>128.9.0.33</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The MX RRs have an RDATA section which consists of a 16 bit
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnumber followed by a domain name. The address RRs use a standard
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinIP address format to contain a 32 bit internet address.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This example shows six RRs, with two RRs at each of three
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindomain names.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Similarly we might see:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3874"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>10.0.0.44</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox UserCLASS="literal"
9fbbfb5757a1e3e86d7dea62c4e63ffc2303ca2bAutomatic UpdaterVALIGN="MIDDLE"
9fbbfb5757a1e3e86d7dea62c4e63ffc2303ca2bAutomatic UpdaterCLASS="literal"
9fbbfb5757a1e3e86d7dea62c4e63ffc2303ca2bAutomatic Updater>This example shows two addresses for <TT
9fbbfb5757a1e3e86d7dea62c4e63ffc2303ca2bAutomatic UpdaterCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeineach of a different class.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3902"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>6.3.2. Discussion of MX Records</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>As described above, domain servers store information as a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinseries of resource records, each of which contains a particular
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpiece of information about a given domain name (which is usually,
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox Userbut not always, a host). The simplest way to think of a RR is as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina typed pair of datum, a domain name matched with relevant data,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand stored with some additional type information to help systems determine
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwhen the RR is relevant.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>MX records are used to control delivery of email. The data
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinspecified in the record is a priority and a domain name. The priority
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincontrols the order in which email delivery is attempted, with the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlowest number first. If two priorities are the same, a server is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinchosen randomly. If no servers at a given priority are responding,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe mail transport agent will fall back to the next largest priority.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinPriority numbers do not have any absolute meaning — they are relevant
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinonly respective to other MX records for that domain name. The domain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinname given is the machine to which the mail will be delivered. It <I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinan associated A record — CNAME is not sufficient.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>For a given domain, if there is both a CNAME record and an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinMX record, the MX record is in error, and will be ignored. Instead,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe mail will be delivered to the server specified in the MX record
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinpointed to by the CNAME.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="informaltable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN3908"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="3"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="CALSTABLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsCLASS="literal"
07e2d9518d5d78818b469de77f398f3439106abfAutomatic UpdaterVALIGN="MIDDLE"
07e2d9518d5d78818b469de77f398f3439106abfAutomatic UpdaterVALIGN="MIDDLE"
07e2d9518d5d78818b469de77f398f3439106abfAutomatic UpdaterCLASS="literal"
07e2d9518d5d78818b469de77f398f3439106abfAutomatic UpdaterVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark AndrewsCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
8ae3bbdd860f8abe3d47ec02d1f4d2008bf46f63Automatic UpdaterCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
8ae3bbdd860f8abe3d47ec02d1f4d2008bf46f63Automatic UpdaterVALIGN="MIDDLE"
8ae3bbdd860f8abe3d47ec02d1f4d2008bf46f63Automatic UpdaterCLASS="literal"
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark AndrewsVALIGN="MIDDLE"
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic UpdaterCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
07e2d9518d5d78818b469de77f398f3439106abfAutomatic UpdaterCLASS="literal"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>10.0.0.1</TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="MIDDLE"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="literal"
7208386cd37a2092c70eddf80cf29519b16c4c80Mark AndrewsVALIGN="MIDDLE"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="literal"
dba3c818ae00b10388d31703e86a28415db398acTinderbox UserVALIGN="MIDDLE"
43b94483957d3168796a816ed86cf097518817dcTinderbox UserCLASS="literal"
dba3c818ae00b10388d31703e86a28415db398acTinderbox UserVALIGN="MIDDLE"
dba3c818ae00b10388d31703e86a28415db398acTinderbox UserCLASS="literal"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVALIGN="MIDDLE"
43b94483957d3168796a816ed86cf097518817dcTinderbox User>For example:</P
dba3c818ae00b10388d31703e86a28415db398acTinderbox User>Mail delivery will be attempted to <TT
dba3c818ae00b10388d31703e86a28415db398acTinderbox UserCLASS="literal"
dba3c818ae00b10388d31703e86a28415db398acTinderbox UserCLASS="literal"
dba3c818ae00b10388d31703e86a28415db398acTinderbox Userany order), and if neither of those succeed, delivery to <TT
43b94483957d3168796a816ed86cf097518817dcTinderbox UserCLASS="literal"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsbe attempted.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterNAME="Setting_TTLs"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>6.3.3. Setting TTLs</A
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>The time to live of the RR field is a 32 bit integer represented
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterin units of seconds, and is primarily used by resolvers when they
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updatercache RRs. The TTL describes how long a RR can be cached before it
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updatershould be discarded. The following three types of TTL are currently
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterused in a zone file.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="informaltable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCELLPADDING="3"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="CALSTABLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>The last field in the SOA is the negative
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updatercaching TTL. This controls how long other servers will cache no-such-domain
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater(NXDOMAIN) responses from you.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>The maximum time for
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaternegative caching is 3 hours (3h).</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>The $TTL directive at the top of the
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterzone file (before the SOA) gives a default TTL for every RR without
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updatera specific TTL set.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>Each RR can have a TTL as the second
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterfield in the RR, which will control how long other servers can cache
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>All of these TTLs default to units of seconds, though units
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updatercan be explicitly specified, for example, <TT
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
e7ac7921af0a875c17af3e8cb8cca46d1776ffe7Tinderbox UserNAME="AEN4023"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>6.3.4. Inverse Mapping in IPv4</A
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>Reverse name resolution (that is, translation from IP address
c821eb704848afd1f2e70c77c70e7b6ce0b92989Automatic Updaterto name) is achieved by means of the <I
c821eb704848afd1f2e70c77c70e7b6ce0b92989Automatic UpdaterCLASS="emphasis"
c821eb704848afd1f2e70c77c70e7b6ce0b92989Automatic Updaterand PTR records. Entries in the in-addr.arpa domain are made in
c821eb704848afd1f2e70c77c70e7b6ce0b92989Automatic Updaterleast-to-most significant order, read left to right. This is the
c821eb704848afd1f2e70c77c70e7b6ce0b92989Automatic Updateropposite order to the way IP addresses are usually written. Thus,
c821eb704848afd1f2e70c77c70e7b6ce0b92989Automatic Updatera machine with an IP address of 10.1.2.3 would have a corresponding
c821eb704848afd1f2e70c77c70e7b6ce0b92989Automatic Updater3.2.1.10.in-addr.arpa. This name should have a PTR resource record
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterwhose data field is the name of the machine or, optionally, multiple
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterPTR records if the machine has more than one name. For example,
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="optional"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="informaltable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCELLPADDING="3"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="CALSTABLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> lines in the examples
a87790b9d8e062fac1b2dfb8903e77bfe92a3891Tinderbox Userare for providing context to the examples only-they do not necessarily
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterappear in the actual usage. They are only used here to indicate
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterthat the example is relative to the listed origin.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>6.3.5. Other Zone File Directives</A
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>The Master File Format was initially defined in RFC 1035 and
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterhas subsequently been extended. While the Master File Format itself
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updateris class independent all records in a Master File must be of the same
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>Master File Directives include <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>6.3.5.1. The <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>domain-name</I
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="optional"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> sets the domain name that will
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterbe appended to any unqualified records. When a zone is first read
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterin there is an implicit <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="varname"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> is appended to the domain specified
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> argument if it is not absolute.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="programlisting"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterWWW CNAME MAIN-SERVER</TT
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>is equivalent to</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="programlisting"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.</TT
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>6.3.5.2. The <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="optional"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="optional"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>Read and process the file <TT
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="filename"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterif it were included into the file at this point. If <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterspecified the file is processed with <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterto that value, otherwise the current <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>The origin and the current domain name
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterrevert to the values they had prior to the <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterthe file has been read.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterRFC 1035 specifies that the current origin should be restored after
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>, but it is silent on whether the current
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterdomain name should also be restored. BIND 9 restores both of them.
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterThis could be construed as a deviation from RFC 1035, a feature, or both.
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>6.3.5.3. The <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>default-ttl</I
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="optional"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>Set the default Time To Live (TTL) for subsequent records
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterwith undefined TTLs. Valid TTLs are of the range 0-2147483647 seconds.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> is defined in RFC 2308.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="acronym"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> Master File Extension: the <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="optional"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="replaceable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> is used to create a series of
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterresource records that only differ from each other by an iterator. <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterbe used to easily generate the sets of records required to support
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updatersub /24 reverse delegations described in RFC 2317: Classless IN-ADDR.ARPA
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="programlisting"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater$GENERATE 1-2 0 NS SERVER$.EXAMPLE.
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater$GENERATE 1-127 $ CNAME $.0</TT
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>is equivalent to</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="programlisting"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="literal"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>0.0.0.192.IN-ADDR.ARPA NS SERVER1.EXAMPLE.
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater1.0.0.192.IN-ADDR.ARPA CNAME 1.0.0.0.192.IN-ADDR.ARPA
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater2.0.0.192.IN-ADDR.ARPA CNAME 2.0.0.0.192.IN-ADDR.ARPA
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater127.0.0.192.IN-ADDR.ARPA CNAME 127.0.0.0.192.IN-ADDR.ARPA
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="informaltable"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCELLPADDING="3"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="CALSTABLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>This can be one of two forms: start-stop
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updateror start-stop/step. If the first form is used then step is set to
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater 1. All of start, stop and step must be positive.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> describes the
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterowner name of the resource records to be created. Any single <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> side are replaced by the iterator
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterTo get a $ in the output you need to escape the <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterusing a backslash <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> may optionally be followed
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterby modifiers which change the offset from the interator, field width and base.
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterModifiers are introduced by a <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> immediately following the
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>${offset[,width[,base]]}</B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> which subtracts 20 from the current value,
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterprints the result as a decimal in a zero padded field of with 3. Available
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updateroutput forms are decimal (<B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterand hexadecimal (<B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> for uppercase).
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterThe default modifier is <B
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterabsolute, the current <B
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic UpdaterCLASS="command"
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic Updater> is appended to
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic Updater>For compatability with earlier versions <B
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterrecognised a indicating a literal $ in the output.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic Updater>At present the only supported types are
ea21c734ff027f23f289f8c6507a4e79984e4830Automatic UpdaterPTR, CNAME, DNAME, A, AAAA and NS.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterVALIGN="MIDDLE"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater>rhs is a domain name. It is processed
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updatersimilarly to lhs.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="command"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> directive is a <SPAN
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="acronym"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updaterand not part of the standard zone file format.</P
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="NAVFOOTER"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCELLPADDING="0"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCELLSPACING="0"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="acronym"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> 9 Lightweight Resolver</TD
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic UpdaterCLASS="acronym"
98b5a9d1099f72169c90de39712fc4f63e9d990eAutomatic Updater> 9 Security Considerations</TD