Bv9ARM.ch06.html revision 54ef87c8c94789c8a9976bd100814e1ff652f113
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User>BIND 9 Configuration Reference</TITLE
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserNAME="GENERATOR"
c57668a2fbbe558c1bd21652813616f2f517c469Tinderbox UserCONTENT="Modular DocBook HTML Stylesheet Version 1.61
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsTITLE="BIND 9 Administrator Reference Manual"
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox UserREL="PREVIOUS"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserTITLE="The BIND 9 Lightweight Resolver"
e676a596869d8a80a644c99a848afb53d1c5975eMark AndrewsTITLE="BIND 9 Security Considerations"
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsCLASS="chapter"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsBGCOLOR="#FFFFFF"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsTEXT="#000000"
e676a596869d8a80a644c99a848afb53d1c5975eMark AndrewsLINK="#0000FF"
e676a596869d8a80a644c99a848afb53d1c5975eMark AndrewsVLINK="#840084"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsALINK="#0000FF"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="NAVHEADER"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCELLPADDING="0"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCELLSPACING="0"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsALIGN="center"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>BIND 9 Administrator Reference Manual</TH
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserVALIGN="bottom"
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox UserALIGN="center"
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic UpdaterVALIGN="bottom"
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan HuntALIGN="right"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserVALIGN="bottom"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="chapter"
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater>Chapter 6. <SPAN
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="acronym"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> 9 Configuration Reference</A
95637507c3d47481fbf0a8a8c750a57f944f677fMark Andrews>Table of Contents</B
2ae159b376dac23870d8005563c585acf85a4b5aEvan HuntHREF="Bv9ARM.ch06.html#configuration_file_elements"
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt>Configuration File Elements</A
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsHREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>Configuration File Grammar</A
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>Zone File</A
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox UserCLASS="acronym"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews> 9 configuration is broadly similar
91216cff91b34c9ff6e846dc23f248219cafe660Andreas GustafssonCLASS="acronym"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> 8; however, there are a few new areas
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox Userof configuration, such as views. <SPAN
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="acronym"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews8 configuration files should work with few alterations in <SPAN
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="acronym"
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson9, although more complex configurations should be reviewed to check
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox Userif they can be more efficiently implemented using the new features
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrewsfound in <SPAN
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="acronym"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="acronym"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> 4 configuration files can be converted to the new format
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrewsusing the shell script
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark AndrewsCLASS="filename"
2a31bd531072824ef252c18303859d6af7451b00Francis DupontNAME="configuration_file_elements"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>6.1. Configuration File Elements</A
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>Following is a list of elements used throughout the <SPAN
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="acronym"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews> configuration
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrewsfile documentation:</P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="informaltable"
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark AndrewsNAME="AEN1113"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCELLPADDING="3"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="CALSTABLE"
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox UserVALIGN="MIDDLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="varname"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserVALIGN="MIDDLE"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>The name of an <TT
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox UserCLASS="varname"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>address_match_list</TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox Userdefined by the <B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater> statement.</P
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserVALIGN="MIDDLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="varname"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>address_match_list</TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserVALIGN="MIDDLE"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>A list of one or more <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="varname"
91216cff91b34c9ff6e846dc23f248219cafe660Andreas GustafssonCLASS="varname"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>ip_prefix</TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="varname"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="varname"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>acl_name</TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User> elements, see
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserHREF="Bv9ARM.ch06.html#address_match_lists"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>Section 6.1.1</A
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsVALIGN="MIDDLE"
8711e5c73ca872d59810760af0332194cbdd619bAutomatic UpdaterCLASS="varname"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>domain_name</TT
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsVALIGN="MIDDLE"
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater>A quoted string which will be used as
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updatera DNS name, for example "<TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="literal"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterVALIGN="MIDDLE"
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic UpdaterCLASS="varname"
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater>dotted_decimal</TT
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark AndrewsVALIGN="MIDDLE"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User>One to four integers valued 0 through
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews255 separated by dots (`.'), such as <B
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic UpdaterCLASS="command"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="command"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>89.123.45.67</B
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsVALIGN="MIDDLE"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="varname"
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic UpdaterVALIGN="MIDDLE"
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews>An IPv4 address with exactly four elements
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="varname"
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater>dotted_decimal</TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> notation.</P
757ff043760e4743dda1a10e7d58349275934902Tinderbox UserVALIGN="MIDDLE"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="varname"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>ip6_addr</TT
91216cff91b34c9ff6e846dc23f248219cafe660Andreas GustafssonVALIGN="MIDDLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>An IPv6 address, such as <B
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>fe80::200:f8ff:fe01:9742</B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="varname"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="varname"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>ip4_addr</TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="varname"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>ip6_addr</TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="varname"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>An IP port <TT
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark AndrewsCLASS="varname"
01a5c5503482fb3ba52088bf0178a7213273bf96Mark AndrewsCLASS="varname"
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User> is limited to 0 through 65535, with values
d585233c52e283d9a8849f16f04f452419a2484eTinderbox Userbelow 1024 typically restricted to use by processes running as root.
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox UserIn some cases an asterisk (`*') character can be used as a placeholder to
d585233c52e283d9a8849f16f04f452419a2484eTinderbox Userselect a random high-numbered port.</P
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsVALIGN="MIDDLE"
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox UserCLASS="varname"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>ip_prefix</TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsVALIGN="MIDDLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>An IP network specified as an <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="varname"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrewsfollowed by a slash (`/') and then the number of bits in the netmask.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsTrailing zeros in a <TT
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox UserCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington> may omitted.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsFor example, <B
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> is the network <B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>127.0.0.0</B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>255.0.0.0</B
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="command"
a5636b773fa05a272b6876afd99309c0b3090e2fMark AndrewsCLASS="command"
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews> with netmask <B
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox UserCLASS="command"
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User>255.255.255.240</B
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington>domain_name</TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington> representing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe name of a shared key, to be used for transaction security.</P
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington>A list of one or more <TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonseparated by semicolons and ending with a semicolon.</P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsVALIGN="MIDDLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="varname"
ae7e54b14c946e0984c191554db9abb4893f9349Automatic UpdaterVALIGN="MIDDLE"
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater>A non-negative 32 bit integer
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater(i.e., a number between 0 and 4294967295, inclusive).
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserIts acceptable value might further
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updaterbe limited by the context in which it is used.</P
ae7e54b14c946e0984c191554db9abb4893f9349Automatic UpdaterVALIGN="MIDDLE"
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox UserCLASS="varname"
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User>path_name</TT
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox UserVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>A quoted string which will be used as
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox Usera pathname, such as <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="filename"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsVALIGN="MIDDLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="varname"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>size_spec</TT
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserVALIGN="MIDDLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>A number, the word <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="userinput"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>unlimited</B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrewsor the word <TT
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="userinput"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="varname"
e20309353e6246485c521278131d3fced73d7957Tinderbox User>unlimited</TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington>size_spec</TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington> requests unlimited
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonuse, or the maximum available amount. A <TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington>default size_spec</TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe limit that was in force when the server was started.</P
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonoptionally be followed by a scaling factor: <TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="userinput"
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark AndrewsCLASS="userinput"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrewskilobytes, <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="userinput"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="userinput"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrewsmegabytes, and <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="userinput"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="userinput"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington> for gigabytes,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonwhich scale by 1024, 1024*1024, and 1024*1024*1024 respectively.</P
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington>The value must be representable as a 64-bit unsigned integer
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington(0 to 18446744073709551615, inclusive).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="varname"
b7aab05edae933e169d5f83c653935b17c7f0a8bMark Andrews>unlimited</TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington> is the best way
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonto safely set a really large number.</P
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="varname"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>yes_or_no</TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="userinput"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="userinput"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="userinput"
0e91f17da8a29086876a88962e0a3482094b6057Evan HuntCLASS="userinput"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrewsalso accepted, as are the numbers <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="userinput"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="userinput"
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark AndrewsVALIGN="MIDDLE"
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark AndrewsCLASS="varname"
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews>dialup_option</TT
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="userinput"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="userinput"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="userinput"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="userinput"
757ff043760e4743dda1a10e7d58349275934902Tinderbox User>notify-passive</B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="userinput"
22d32791e5daa0bc80335a0f10ab2de95f41ccdbTinderbox UserCLASS="userinput"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsWhen used in a zone, <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="userinput"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>notify-passive</B
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="userinput"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="userinput"
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updaterare restricted to slave and stub zones.</P
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark AndrewsCLASS="sect2"
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark AndrewsCLASS="sect2"
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark AndrewsNAME="address_match_lists"
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews>6.1.1. Address Match Lists</A
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark AndrewsCLASS="sect3"
861836e5f5df62bfaea9ad8923a05278d5ab2f3dTinderbox UserNAME="AEN1275"
e8c17c74535be290abaaa160a434ed80bf0ad2feMark Andrews>6.1.1.1. Syntax</A
9c446b72069d0ab9f710502f4d7048e50875fccbAutomatic UpdaterCLASS="programlisting"
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic UpdaterCLASS="varname"
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User>address_match_list</TT
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User> = address_match_list_element ;
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic UpdaterCLASS="optional"
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater> address_match_list_element; ... </SPAN
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic UpdaterCLASS="varname"
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater>address_match_list_element</TT
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic UpdaterCLASS="optional"
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater>] (ip_address [<SPAN
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic UpdaterCLASS="optional"
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater key key_id | acl_name | { address_match_list } )
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater>6.1.1.2. Definition and Usage</A
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater>Address match lists are primarily used to determine access
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updatercontrol for various server operations. They are also used in
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic UpdaterCLASS="command"
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic UpdaterCLASS="command"
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updaterstatements. The elements
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updaterwhich constitute an address match list can be any of the following:</P
bbc0e1c4f47f101c4a64db3469352c49a49e734fTinderbox User>an IP address (IPv4 or IPv6)</P
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>an IP prefix (in `/' notation)</P
3040b455151b1e1173193933664b2891b6159f24Mark Andrews>a key ID, as defined by the <B
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserCLASS="command"
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews> statement</P
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater>the name of an address match list previously defined with
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic UpdaterCLASS="command"
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater>a nested address match list enclosed in braces</P
60d5d17479b47c03b9c7c86f54269718103750b8Automatic Updater>Elements can be negated with a leading exclamation mark (`!'),
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updaterand the match list names "any", "none", "localhost", and "localnets"
3040b455151b1e1173193933664b2891b6159f24Mark Andrewsare predefined. More information on those names can be found in
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox Userthe description of the acl statement.</P
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater>The addition of the key clause made the name of this syntactic
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updaterelement something of a misnomer, since security keys can be used
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updaterto validate access without regard to a host or network address. Nonetheless,
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updaterthe term "address match list" is still used throughout the documentation.</P
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater>When a given IP address or prefix is compared to an address
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updatermatch list, the list is traversed in order until an element matches.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic UpdaterThe interpretation of a match depends on whether the list is being used
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updaterfor access control, defining listen-on ports, or in a sortlist,
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updaterand whether the element was negated.</P
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater>When used as an access control list, a non-negated match allows
19dbf2e20df03f2b81ed1f347e27718084374059Automatic Updateraccess and a negated match denies access. If there is no match,
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updateraccess is denied. The clauses <B
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic UpdaterCLASS="command"
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater>allow-notify</B
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic UpdaterCLASS="command"
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater>allow-query</B
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic UpdaterCLASS="command"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>allow-transfer</B
7dd02af3c9350553e1d52d980a7812425b3f1295Automatic UpdaterCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>allow-update</B
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonCLASS="command"
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington>allow-update-forwarding</B
01f91b9cd440833f66e7476e43659655cb52ad10Automatic UpdaterCLASS="command"
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox Useruse address match lists this. Similarly, the listen-on option will cause
bec9d04b657e1582d2531bdc02503bebde2aa978Tinderbox Userthe server to not accept queries on any of the machine's addresses
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox Userwhich do not match the list.</P
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User>Because of the first-match aspect of the algorithm, an element
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox Userthat defines a subset of another element in the list should come
f45f40ec2814a5ff1ed443c968772a1b2e25c462Mark Andrewsbefore the broader element, regardless of whether either is negated. For
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox UserCLASS="command"
d642d3857129678797a01adee14fbd70335b05a9Mark Andrews> the 1.2.3.13 element is
aa49af836ce7a7a2888f5cedf4cbb14ff4dc1d11Mark Andrewscompletely useless because the algorithm will match any lookup for
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark AndrewsCLASS="command"
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrewsthat problem by having 1.2.3.13 blocked by the negation but all
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox Userother 1.2.3.* hosts fall through.</P
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsCLASS="sect2"
7e8129652903780873ba91f379f9ffca1f59773cMark AndrewsCLASS="sect2"
7e8129652903780873ba91f379f9ffca1f59773cMark AndrewsNAME="AEN1314"
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews>6.1.2. Comment Syntax</A
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="acronym"
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews> 9 comment syntax allows for comments to appear
f6ba5791728d244650c1887d8dd8ed771fd50a1dMark Andrewsanywhere that white space may appear in a <SPAN
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox UserCLASS="acronym"
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User> configuration
b123be91958e0bc58a10c165be64d47661199e3bEvan Huntfile. To appeal to programmers of all kinds, they can be written
b123be91958e0bc58a10c165be64d47661199e3bEvan HuntCLASS="sect3"
b123be91958e0bc58a10c165be64d47661199e3bEvan HuntCLASS="sect3"
b123be91958e0bc58a10c165be64d47661199e3bEvan HuntNAME="AEN1319"
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt>6.1.2.1. Syntax</A
b123be91958e0bc58a10c165be64d47661199e3bEvan HuntCLASS="programlisting"
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt>/* This is a <SPAN
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="acronym"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> comment as in C */</PRE
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="programlisting"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>// This is a <SPAN
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="acronym"
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater> comment as in C++</PRE
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="programlisting"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User># This is a <SPAN
a5636b773fa05a272b6876afd99309c0b3090e2fMark AndrewsCLASS="acronym"
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews> comment as in common UNIX shells and perl</PRE
e20309353e6246485c521278131d3fced73d7957Tinderbox UserNAME="AEN1328"
e20309353e6246485c521278131d3fced73d7957Tinderbox User>6.1.2.2. Definition and Usage</A
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User>Comments may appear anywhere that whitespace may appear in
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserCLASS="acronym"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> configuration file.</P
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews>C-style comments start with the two characters /* (slash,
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrewsstar) and end with */ (star, slash). Because they are completely
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrewsdelimited with these characters, they can be used to comment only
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrewsa portion of a line or to span multiple lines.</P
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews>C-style comments cannot be nested. For example, the following
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrewsis not valid because the entire comment ends with the first */:</P
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark AndrewsCLASS="programlisting"
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews>/* This is the start of a comment.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews This is still part of the comment.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews/* This is an incorrect attempt at nesting a comment. */
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews This is no longer in any comment. */
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews>C++-style comments start with the two characters // (slash,
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrewsslash) and continue to the end of the physical line. They cannot
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrewsbe continued across multiple physical lines; to have one logical
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrewscomment span multiple lines, each line must use the // pair.</P
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt>For example:</P
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="programlisting"
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User>// This is the start of a comment. The next line
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User// is a new comment, even though it is logically
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User// part of the previous comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>Shell-style (or perl-style, if you prefer) comments start
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterwith the character <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="literal"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> (number sign) and continue to the end of the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox Userphysical line, as in C++ comments.</P
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User>For example:</P
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic UpdaterCLASS="programlisting"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater># This is the start of a comment. The next line
3040b455151b1e1173193933664b2891b6159f24Mark Andrews# is a new comment, even though it is logically
88d58d79c5bc7ce3c20a42461a5070116c736836Automatic Updater# part of the previous comment.
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic UpdaterCLASS="warning"
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="warning"
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserALIGN="CENTER"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews>You cannot use the semicolon (`;') character
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater to start a comment such as you would in a zone file. The
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater semicolon indicates the end of a configuration
8bc194b266a17f89e6c54469d4dfbb408070f39eMark AndrewsCLASS="sect1"
8bc194b266a17f89e6c54469d4dfbb408070f39eMark AndrewsCLASS="sect1"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserNAME="Configuration_File_Grammar"
560d6da48f066000541dd43f5d407644dee12bebTinderbox User>6.2. Configuration File Grammar</A
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox UserCLASS="acronym"
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User> 9 configuration consists of statements and comments.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User Statements end with a semicolon. Statements and comments are the
3040b455151b1e1173193933664b2891b6159f24Mark Andrews only elements that can appear without enclosing braces. Many
3040b455151b1e1173193933664b2891b6159f24Mark Andrews statements contain a block of sub-statements, which are also
90b25b84f037ec923efaee84d2c0dc599293d04eTinderbox User terminated with a semicolon.</P
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews>The following statements are supported:</P
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark AndrewsCLASS="informaltable"
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark AndrewsNAME="AEN1352"
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis DupontCELLPADDING="3"
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis DupontCLASS="CALSTABLE"
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic UpdaterVALIGN="MIDDLE"
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic UpdaterCLASS="command"
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic UpdaterVALIGN="MIDDLE"
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater>defines a named IP address
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox Usermatching list, for access control and other uses.</P
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsVALIGN="MIDDLE"
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="command"
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic UpdaterVALIGN="MIDDLE"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>declares control channels to be used
50fa300826799727204b93cbe63bebc341c5eadeTinderbox UserCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterVALIGN="MIDDLE"
19ad308d84cbf446a144e5a91f2032389a9d65c1Tinderbox UserCLASS="command"
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic UpdaterVALIGN="MIDDLE"
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater>includes a file.</P
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic UpdaterVALIGN="MIDDLE"
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic UpdaterCLASS="command"
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic UpdaterVALIGN="MIDDLE"
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews>specifies key information for use in
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrewsauthentication and authorization using TSIG.</P
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserVALIGN="MIDDLE"
50fa300826799727204b93cbe63bebc341c5eadeTinderbox UserCLASS="command"
e628576d3b3d91c8954679077f4c208f1e43b433Automatic UpdaterVALIGN="MIDDLE"
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater>specifies what the server logs, and where
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrewsthe log messages are sent.</P
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsVALIGN="MIDDLE"
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsCLASS="command"
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsVALIGN="MIDDLE"
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews>controls global server configuration
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrewsoptions and sets defaults for other statements.</P
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox UserVALIGN="MIDDLE"
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox UserCLASS="command"
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox UserVALIGN="MIDDLE"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews>sets certain configuration options on
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox Usera per-server basis.</P
08190bd4d89153cee463b34f9233ad6dd88965fcMark AndrewsVALIGN="MIDDLE"
08190bd4d89153cee463b34f9233ad6dd88965fcMark AndrewsCLASS="command"
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews>trusted-keys</B
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsVALIGN="MIDDLE"
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews>defines trusted DNSSEC keys.</P
48dfee71508886d86fe8fb12f91961b5daf3141dMark AndrewsVALIGN="MIDDLE"
48dfee71508886d86fe8fb12f91961b5daf3141dMark AndrewsCLASS="command"
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsVALIGN="MIDDLE"
f09f1bf18e3ad40a0e8a6cc3dabf1c11f04992cbMark Andrews>defines a view.</P
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserVALIGN="MIDDLE"
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic UpdaterCLASS="command"
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic UpdaterVALIGN="MIDDLE"
6025cbbe8408f4b09d53d5ec1e95cb6da97e0a8dTinderbox User>defines a zone.</P
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
166c467a9414778bdd0f2a1e4a32220843c0fde3Tinderbox User> statements may only occur once per
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration.</P
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark AndrewsCLASS="sect2"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsNAME="AEN1421"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="command"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews> Statement Grammar</A
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="programlisting"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="command"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews address_match_list
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="sect2"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="sect2"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="command"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews> Statement Definition and
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox UserCLASS="command"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews> statement assigns a symbolic
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews name to an address match list. It gets its name from a primary
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews use of address match lists: Access Control Lists (ACLs).</P
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews>Note that an address match list's name must be defined
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="command"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews> before it can be used elsewhere; no
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox User forward references are allowed.</P
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington>The following ACLs are built-in:</P
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="informaltable"
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox UserCELLPADDING="3"
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark AndrewsCLASS="CALSTABLE"
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic UpdaterVALIGN="MIDDLE"
e80c7005e3d59dfeb04dad186d36f3c15622954cTinderbox UserCLASS="command"
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsVALIGN="MIDDLE"
6fd5f289d8455283fad33d1051e6fbaa3bec43d5Tinderbox User>Matches all hosts.</P
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic UpdaterVALIGN="MIDDLE"
07d9d0dbcc0c79deb3c34f4a8af05ac68a6800e4Mark AndrewsCLASS="command"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserVALIGN="MIDDLE"
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User>Matches no hosts.</P
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox UserVALIGN="MIDDLE"
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox UserCLASS="command"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonVALIGN="MIDDLE"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>Matches the IPv4 addresses of all network
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterinterfaces on the system.</P
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserVALIGN="MIDDLE"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="command"
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews>localnets</B
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterVALIGN="MIDDLE"
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater>Matches any host on an IPv4 network for which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterthe system has an interface.</P
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserACLs do not currently support IPv6 (that is,
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="command"
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater> does not match the host's IPv6 addresses,
5f7586ddbd3edd11272cdd30ed613d936129328bTinderbox UserCLASS="command"
4fda24d843edac463c98785ec0c850d912592dc1Tinderbox User> does not match the host's attached
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark AndrewsIPv6 networks) due to the lack of a standard method of determining the
d58e33bfabfee19a035031dac633d36659738d56Evan Huntcomplete set of local IPv6 addresses for a host.
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="sect2"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="sect2"
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsNAME="AEN1468"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater> Statement Grammar</A
601c1908d06375f5dea00ab98671a6c934d8a840Automatic UpdaterCLASS="programlisting"
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic UpdaterCLASS="command"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews inet ( ip_addr | * ) [<SPAN
12ee3c02ab36d7e7430bd705cc289db1a69a5733Mark AndrewsCLASS="optional"
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater> port ip_port </SPAN
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews>] allow { <TT
601c1908d06375f5dea00ab98671a6c934d8a840Automatic UpdaterCLASS="replaceable"
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews> address_match_list </I
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1Automatic UpdaterCLASS="replaceable"
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> inet ...; </SPAN
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="sect2"
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic UpdaterNAME="controls_statement_definition_and_usage"
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic UpdaterCLASS="command"
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater> Statement Definition and Usage</A
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> statement declares control
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User channels to be used by system administrators to control the
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews operation of the name server. These control channels are
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater used by the <B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="command"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> utility to send commands to
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews and retrieve non-DNS results from a name server.</P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="command"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> control channel is a TCP
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews socket listening at the specified
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="command"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews> on the specified
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterCLASS="command"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater>, which can be an IPv4 or IPv6
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater address. An <B
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterCLASS="command"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterCLASS="literal"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews> is interpreted as the IPv4 wildcard
560d6da48f066000541dd43f5d407644dee12bebTinderbox User address; connections will be accepted on any of the system's
560d6da48f066000541dd43f5d407644dee12bebTinderbox User IPv4 addresses. To listen on the IPv6 wildcard address,
d58e33bfabfee19a035031dac633d36659738d56Evan HuntCLASS="command"
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsCLASS="literal"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If you will only use <B
601c1908d06375f5dea00ab98671a6c934d8a840Automatic UpdaterCLASS="command"
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater> on the local host,
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater using the loopback address (<TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="literal"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="literal"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>) is recommended for maximum
e0bf4fc289705375be65c05a8fb085d514a98c97Tinderbox User> If no port is specified, port 953
f42fc714eda962112e45b904d1f846c61a080114Automatic UpdaterCLASS="literal"
a6e1f63f50af688610ebd2521ba7f028767b51f3Mark Andrews>" cannot be used for
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox UserCLASS="command"
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User>The ability to issue commands over the control channel is
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater restricted by the <B
e0bf4fc289705375be65c05a8fb085d514a98c97Tinderbox UserCLASS="command"
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox UserCLASS="command"
4d813066e967a36c407ee641155ada0c614d4dc6Automatic Updater> clauses. Connections to the control
dbd021853bb1cd6ab128e8da8865f5965030aedcTinderbox User channel are permitted based on the
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox UserCLASS="command"
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater>address_match_list</B
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater>. This is for simple
3040b455151b1e1173193933664b2891b6159f24Mark Andrews IP address based filtering only; any <B
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="command"
d98b4b724343547314bde32a54966c8f124a5f03Mark Andrews elements of the <B
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserCLASS="command"
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User>address_match_list</B
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User>The primary authorization mechanism of the command
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews channel is the <B
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews>, which contains
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews a list of <B
e8e87ede5c36b95806c77bcd34894ad9c4b39a78Tinderbox UserCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews> is authorized to execute
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews commands over the control channel.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews>Remote Name Daemon Control application</A
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsHREF="Bv9ARM.ch03.html#admin_tools"
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt>Section 3.3.1.2</A
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews>) for information about
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews configuring keys in <B
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews> If no <B
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsCLASS="command"
d98b4b724343547314bde32a54966c8f124a5f03Mark Andrews> statement is present,
015f044f7f916eb18d053f2e5dcbee481425bc66Mark AndrewsCLASS="command"
015f044f7f916eb18d053f2e5dcbee481425bc66Mark Andrews> will set up a default
e7d35dad55e8deae14f29aabfb20d540b4b6ab3dMark Andrewscontrol channel listening on the loopback address 127.0.0.1
015f044f7f916eb18d053f2e5dcbee481425bc66Mark Andrewsand its IPv6 counterpart ::1.
bec9d04b657e1582d2531bdc02503bebde2aa978Tinderbox UserIn this case, and also when the <B
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrewsis present but does not have a <B
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews> will attempt to load the command channel key
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox Userfrom the file <TT
7e1a8f402e3881388db37152f71c698cb1f1c426Mark AndrewsCLASS="filename"
7e1a8f402e3881388db37152f71c698cb1f1c426Mark AndrewsCLASS="filename"
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews> (or whatever <TT
7e1a8f402e3881388db37152f71c698cb1f1c426Mark AndrewsCLASS="varname"
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews>sysconfdir</TT
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrewswas specified as when <SPAN
7e1a8f402e3881388db37152f71c698cb1f1c426Mark AndrewsCLASS="acronym"
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews> was built).
7e1a8f402e3881388db37152f71c698cb1f1c426Mark AndrewsTo create a <TT
7e1a8f402e3881388db37152f71c698cb1f1c426Mark AndrewsCLASS="filename"
7e1a8f402e3881388db37152f71c698cb1f1c426Mark AndrewsCLASS="userinput"
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews>rndc-confgen -a</B
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="filename"
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User> feature was created to
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User ease the transition of systems from <SPAN
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="acronym"
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews which did not have digital signatures on its command channel messages
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews and thus did not have a <B
351eca011cf38fd3272b325029afce144a9a1ebaMark AndrewsCLASS="command"
351eca011cf38fd3272b325029afce144a9a1ebaMark AndrewsIt makes it possible to use an existing <SPAN
351eca011cf38fd3272b325029afce144a9a1ebaMark AndrewsCLASS="acronym"
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrewsconfiguration file in <SPAN
351eca011cf38fd3272b325029afce144a9a1ebaMark AndrewsCLASS="acronym"
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews> 9 unchanged,
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrewsand still have <B
351eca011cf38fd3272b325029afce144a9a1ebaMark AndrewsCLASS="command"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews> work the same way
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="command"
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews> worked in BIND 8, simply by executing the
d46a3a2f7c1032c947b7bfde6e08010442645139Tinderbox UserCLASS="userinput"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>rndc-keygen -a</B
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews> after BIND 9 is
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews> Since the <TT
e676a596869d8a80a644c99a848afb53d1c5975eMark AndrewsCLASS="filename"
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater is only intended to allow the backward-compatible usage of
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic UpdaterCLASS="acronym"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews> 8 configuration files, this feature does not
3040b455151b1e1173193933664b2891b6159f24Mark Andrews have a high degree of configurability. You cannot easily change
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User the key name or the size of the secret, so you should make a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="filename"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> with your own key if you wish to change
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User those things. The <TT
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox UserCLASS="filename"
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User> file also has its
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews permissions set such that only the owner of the file (the user that
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="command"
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater> is running as) can access it. If you
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater desire greater flexibility in allowing other users to access
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic UpdaterCLASS="command"
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater> commands then you need to create an
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic UpdaterCLASS="filename"
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater> and make it group readable by a group
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater that contains the users who should have access.</P
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater>The UNIX control channel type of <SPAN
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic UpdaterCLASS="acronym"
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews> 8 is not supported
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic UpdaterCLASS="acronym"
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater> 9, and is not expected to be added in future
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater releases. If it is present in the controls statement from a
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="acronym"
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater> 8 configuration file, it is ignored
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater and a warning is logged.</P
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="sect2"
1368e4b34cef64604c874fcc40201c78e548714cTinderbox UserNAME="AEN1544"
1368e4b34cef64604c874fcc40201c78e548714cTinderbox UserCLASS="command"
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User> Statement Grammar</A
1368e4b34cef64604c874fcc40201c78e548714cTinderbox UserCLASS="programlisting"
1368e4b34cef64604c874fcc40201c78e548714cTinderbox UserCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserNAME="AEN1549"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="command"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington> Statement Definition and Usage</A
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> statement inserts the
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater specified file at the point where the <B
a5636b773fa05a272b6876afd99309c0b3090e2fMark AndrewsCLASS="command"
95de440e8d2b07bb130505b4146059e5734e2eeaTinderbox User statement is encountered. The <B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="command"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews statement facilitates the administration of configuration files
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews by permitting the reading or writing of some things but not
3040b455151b1e1173193933664b2891b6159f24Mark Andrews others. For example, the statement could include private keys
3040b455151b1e1173193933664b2891b6159f24Mark Andrews that are readable only by the name server.</P
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="sect2"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserNAME="AEN1556"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="command"
879391501ee0ffba072433120bf1baa4087f8899Automatic Updater> Statement Grammar</A
8f536463f9fdfa7da6a8310e4f4895373beb2961Mark AndrewsCLASS="programlisting"
f7a71eef29bcbf892270460269c79664f600cffdAutomatic UpdaterCLASS="replaceable"
dcd42a39d311b44877161ffd1e27fa62700c0171Mark Andrews algorithm <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
c5f7f6aa6c51d35353a9485b32abbabfe8358b4eMark AndrewsCLASS="sect2"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonNAME="AEN1563"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> Statement Definition and Usage</A
63654fea53d6a58a65112234bc8d0c322e0c81b5Automatic UpdaterCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> statement defines a shared
64d59a0480180940d855a3431ac5ff617b53e997Tinderbox Usersecret key for use with TSIG (see <A
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>Section 4.5</A
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updateror the command channel
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterHREF="Bv9ARM.ch06.html#controls_statement_definition_and_usage"
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater>Section 6.2.4</A
d58e33bfabfee19a035031dac633d36659738d56Evan HuntCLASS="command"
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User> statement can occur at the top level
3040b455151b1e1173193933664b2891b6159f24Mark Andrewsof the configuration file or inside a <B
b871c7156eb037d41f53828c6fcb9cc876128962Mark AndrewsCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterstatement. Keys defined in top-level <B
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox UserCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterstatements can be used in all views. Keys intended for use in
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark AndrewsCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterHREF="Bv9ARM.ch06.html#controls_statement_definition_and_usage"
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User>Section 6.2.4</A
80f05de86cd3cd8e4a4215c4501643891b942dafTinderbox Usermust be defined at the top level.
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsCLASS="replaceable"
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User>, also known as the
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox Userkey name, is a domain name uniquely identifying the key. It can
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox Userbe used in a <B
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox UserCLASS="command"
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrewsstatement to cause requests sent to that
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrewsserver to be signed with this key, or in address match lists to
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrewsverify that incoming requests have been signed with a key
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrewsmatching this name, algorithm, and secret.</P
d58e33bfabfee19a035031dac633d36659738d56Evan HuntCLASS="replaceable"
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews>algorithm_id</I
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updaterthat specifies a security/authentication algorithm. The only
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updateralgorithm currently supported with TSIG authentication is
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic UpdaterCLASS="literal"
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic UpdaterCLASS="replaceable"
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User>secret_string</I
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User> is the secret to be
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox Userused by the algorithm, and is treated as a base-64 encoded
08190bd4d89153cee463b34f9233ad6dd88965fcMark AndrewsCLASS="sect2"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater> Statement Grammar</A
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="programlisting"
f46621af221784fd08339c6fe9509d9e48334561Tinderbox UserCLASS="command"
f46621af221784fd08339c6fe9509d9e48334561Tinderbox UserCLASS="command"
f46621af221784fd08339c6fe9509d9e48334561Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>channel_name</I
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserCLASS="replaceable"
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt>path name</I
859148b72a22e4221c3e918d15c7fdd5e78b6d8dTinderbox UserCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="replaceable"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="literal"
859148b72a22e4221c3e918d15c7fdd5e78b6d8dTinderbox User>unlimited</TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="replaceable"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>size spec</I
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic UpdaterCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>syslog_facility</I
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic UpdaterCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="command"
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic UpdaterCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="option"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="option"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="option"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="replaceable"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>print-category</B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>print-severity</B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>print-time</B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="command"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonCLASS="replaceable"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User>category_name</I
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="replaceable"
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews>channel_name</I
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark AndrewsCLASS="replaceable"
e213b38b48486b3a6349329655d9169085001fa0Tinderbox User>channel_nam</I
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark AndrewsCLASS="sect2"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserNAME="AEN1623"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> Statement Definition and Usage</A
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> statement configures a wide
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrewsvariety of logging options for the name server. Its <B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
56334ccb2d4b5a04fc12b70b5852049db5d24088Evan Huntassociates output methods, format options and severity levels with
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox Usera name that can then be used with the <B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrewsto select how various classes of messages are logged.</P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> statement is used to define
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox Useras many channels and categories as are wanted. If there is no <B
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="command"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox Userthe logging configuration will be:</P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="programlisting"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews category default { default_syslog; default_debug; };
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews category unmatched { null; };
7f79131f9a8e804b93c57f3c679065cce878b726Automatic UpdaterCLASS="acronym"
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson> 9, the logging configuration is only established when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterthe entire configuration file has been parsed. In <SPAN
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="acronym"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrewsestablished as soon as the <B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterwas parsed. When the server is starting up, all logging messages
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterregarding syntax errors in the configuration file go to the default
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafssonchannels, or to standard error if the "<TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="option"
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafssonwas specified.</P
e676a596869d8a80a644c99a848afb53d1c5975eMark AndrewsCLASS="sect3"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsNAME="AEN1639"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>6.2.10.1. The <B
8bc3d252395842452a6d2c775cf8445f6349e331Tinderbox UserCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>All log output goes to one or more <I
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="emphasis"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Useryou can make as many of them as you want.</P
467a823e57af687ebd486dfd73ea32f9d2a145beTinderbox User>Every channel definition must include a destination clause that
7d704e522860496310bb29c28e76064868401a9cMark Andrewssays whether messages selected for the channel go to a file, to a
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrewsparticular syslog facility, to the standard error stream, or are
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox Userdiscarded. It can optionally also limit the message severity level
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox Userthat will be accepted by the channel (the default is
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark AndrewsCLASS="command"
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater>), and whether to include a
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox UserCLASS="command"
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User>-generated time stamp, the category name
402eda3e7d4254ffac1543bf2917c71248a09e4cTinderbox Userand/or severity level (the default is not to include any).</P
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark AndrewsCLASS="command"
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews> destination clause
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrewscauses all messages sent to the channel to be discarded;
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrewsin that case, other options for the channel are meaningless.</P
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark AndrewsCLASS="command"
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews> destination clause directs the channel
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updaterto a disk file. It can include limitations
409ba95e573b40cf36acf97dd62ee7e9c7775851Tinderbox Userboth on how large the file is allowed to become, and how many versions
f751b1576ee6fef4023bf7101d10167e4fe520f3Tinderbox Userof the file will be saved each time the file is opened.</P
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox User>If you use the <B
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox UserCLASS="command"
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater> log file option, then
261ef37955c3468cbcb55d54b83c9a3b14e114dfTinderbox UserCLASS="command"
261ef37955c3468cbcb55d54b83c9a3b14e114dfTinderbox User> will retain that many backup versions of the file by
261ef37955c3468cbcb55d54b83c9a3b14e114dfTinderbox Userrenaming them when opening. For example, if you choose to keep 3 old versions
261ef37955c3468cbcb55d54b83c9a3b14e114dfTinderbox Userof the file <TT
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox UserCLASS="filename"
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User> then just before it is opened
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox UserCLASS="filename"
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox User> is renamed to
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox UserCLASS="filename"
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox UserCLASS="filename"
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox UserCLASS="filename"
87d422bb38fa1c8f0fb29c2a1b8c044870a7df46Tinderbox UserCLASS="filename"
87d422bb38fa1c8f0fb29c2a1b8c044870a7df46Tinderbox Userrenamed to <TT
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox UserCLASS="filename"
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox UserYou can say <B
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox UserCLASS="command"
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox User>versions unlimited</B
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox User> to not limit
b8cc0c5d896c361525708a2be2e5af7df76c96d7Tinderbox Userthe number of versions.
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox UserCLASS="command"
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox User> option is associated with the log file,
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox Userthen renaming is only done when the file being opened exceeds the
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox Userindicated size. No backup versions are kept by default; any existing
959e5da49a2cff7dfd8fdb885cd11c5d7d94a292Tinderbox Userlog file is simply appended.</P
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox UserCLASS="command"
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User> option for files is used to limit log
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox Usergrowth. If the file ever exceeds the size, then <B
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox UserCLASS="command"
02d20c5d79600704d617d248642c477e9b5e6a2aTinderbox Userstop writing to the file unless it has a <B
2ec4ab21838e218863d052ebfa3e106e04f50820Evan HuntCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsassociated with it. If backup versions are kept, the files are rolled as
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsdescribed above and a new one begun. If there is no
aa1d397c4736cd86540555193d71e55fa3b37b2aMark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> option, no more data will be written to the log
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsuntil some out-of-band mechanism removes or truncates the log to less than the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsmaximum size. The default behavior is not to limit the size of the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>Example usage of the <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> options:</P
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="programlisting"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>channel an_example_channel {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews file "example.log" versions 3 size 20m;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews print-time yes;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews print-category yes;
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> destination clause directs the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewschannel to the system log. Its argument is a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewssyslog facility as described in the <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> will handle messages sent to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsthis facility is described in the <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewspage. If you have a system which uses a very old version of <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsonly uses two arguments to the <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>openlog()</B
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsthen this clause is silently ignored.</P
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> clause works like <B
aa1d397c4736cd86540555193d71e55fa3b37b2aMark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews"priorities", except that they can also be used if you are writing
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsstraight to a file rather than using <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsMessages which are not at least of the severity level given will
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsnot be selected for the channel; messages of higher severity levels
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewswill be accepted.</P
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>If you are using <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>, then the <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewswill also determine what eventually passes through. For example,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsdefining a channel facility and severity as <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsonly logging <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewscause messages of severity <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsbe dropped. If the situation were reversed, with <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsmessages of only <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> or higher, then <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsprint all messages it received from the channel.</P
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> destination clause directs the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewschannel to the server's standard error stream. This is intended for
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsuse when the server is running as a foreground process, for example
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewswhen debugging a configuration.</P
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>The server can supply extensive debugging information when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsit is in debugging mode. If the server's global debug level is greater
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsthan zero, then debugging mode will be active. The global debug
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewslevel is set either by starting the <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="option"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> flag followed by a positive integer,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsor by running <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>rndc trace</B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsThe global debug level
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewscan be set to zero, and debugging mode turned off, by running <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>. All debugging messages in the server have a debug
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewslevel, and higher debug levels give more detailed output. Channels
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsthat specify a specific debug severity, for example:</P
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="programlisting"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>channel specific_debug_level {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews severity debug 3;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>will get debugging output of level 3 or less any time the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsserver is in debugging mode, regardless of the global debugging
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewslevel. Channels with <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> severity use the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsserver's global debug level to determine what messages to print.</P
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>print-time</B
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> has been turned on, then
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsthe date and time will be logged. <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>print-time</B
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsbe specified for a <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> channel, but is usually
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewspointless since <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> also prints the date and
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>print-category</B
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> is requested, then the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewscategory of the message will be logged as well. Finally, if <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews>print-severity</B
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewson, then the severity level of the message will be logged. The <B
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsCLASS="command"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews> options may
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrewsbe used in any combination, and will always be printed in the following
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Huntorder: time, category, severity. Here is an example where all three <B
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan HuntCLASS="command"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan HuntCLASS="computeroutput"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>28-Feb-2000 15:05:32.863 general: notice: running</TT
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>There are four predefined channels that are used for
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan HuntCLASS="command"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>'s default logging as follows. How they are
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Huntused is described in <A
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan HuntHREF="Bv9ARM.ch06.html#the_category_phrase"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>Section 6.2.10.2</A
ab272d2204a075b5ed0798d04733a9028782b8daEvan HuntCLASS="programlisting"
ab272d2204a075b5ed0798d04733a9028782b8daEvan Hunt>channel default_syslog {
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater syslog daemon; // send to syslog's daemon
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater severity info; // only send priority info
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updaterchannel default_debug {
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater file "named.run"; // write to named.run in
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater // the working directory
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater // Note: stderr is used instead
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater // if the server is started
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User // with the '-f' option.
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater severity dynamic; // log at the server's
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater // current debug level
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafssonchannel default_stderr {
309b912841e8b97bf0b0df0d96c3eaf16990c080Automatic Updater stderr; // writes to stderr
66d24a46538c7c2d29fdb5611ab1173e83685b1dTinderbox User severity info; // only send priority info
66d24a46538c7c2d29fdb5611ab1173e83685b1dTinderbox User // and higher
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrewschannel null {
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews null; // toss anything sent to
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews // this channel
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>default_debug</B
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User> channel has the special
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Userproperty that it only produces output when the server's debug level is
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrewsnonzero. It normally writes to a file <TT
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic UpdaterCLASS="filename"
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updaterin the server's working directory.</P
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews>For security reasons, when the "<TT
aa1d397c4736cd86540555193d71e55fa3b37b2aMark AndrewsCLASS="option"
da93950363b307b718d156514b95b9df93a63776Mark Andrewscommand line option is used, the <TT
da93950363b307b718d156514b95b9df93a63776Mark AndrewsCLASS="filename"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updateris created only after <B
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic UpdaterCLASS="command"
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updater> has changed to the
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updaternew UID, and any debug output generated while <B
fbcaee30a27f47fe337152c27e7d90489dc8fd63Tinderbox UserCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterstarting up and still running as root is discarded. If you need
1d4f4d2db2d69e48fec2dde5c1535853677d22a7Automatic Updaterto capture this output, you must run the server with the "<TT
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Huntoption and redirect standard error to a file.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>Once a channel is defined, it cannot be redefined. Thus you
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Usercannot alter the built-in channels directly, but you can modify
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Huntthe default logging by pointing categories at channels you have defined.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserNAME="the_category_phrase"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>6.2.10.2. The <B
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>There are many categories, so you can send the logs you want
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Huntto see wherever you want, without seeing logs you don't want. If
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Useryou don't specify a list of channels for a category, then log messages
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Userin that category will be sent to the <B
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Huntinstead. If you don't specify a default category, the following
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt"default default" is used:</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="programlisting"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>category default { default_syslog; default_debug; };
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>As an example, let's say you want to log security events to
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Usera file, but you also want keep the default logging behavior. You'd
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Userspecify the following:</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="programlisting"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>channel my_security_channel {
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User file "my_security_file";
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User severity info;
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Usercategory security {
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt my_security_channel;
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt default_syslog;
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt default_debug;
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>To discard all messages in a category, specify the <B
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="programlisting"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>category xfer-out { null; };
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Usercategory notify { null; };
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>Following are the available categories and brief descriptions
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Userof the types of log information they contain. More
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Usercategories may be added in future <SPAN
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="acronym"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User> releases.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="informaltable"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserNAME="AEN1743"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCELLPADDING="3"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="CALSTABLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>The default category defines the logging
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Useroptions for those categories where no specific configuration has been
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>The catch-all. Many things still aren't
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Userclassified into categories, and they all end up here.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>Messages relating to the databases used
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox Userinternally by the name server to store zone and cache data.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>Approval and denial of requests.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>Configuration file parsing and processing.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt>DNS resolution, such as the recursive
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Huntlookups performed on behalf of clients by a caching name server.</P
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserCLASS="command"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox UserVALIGN="MIDDLE"
776a8e3ff8889711a1f61a9362607c42716563f4Tinderbox User>Zone transfers the server is receiving.</P
d585233c52e283d9a8849f16f04f452419a2484eTinderbox UserVALIGN="MIDDLE"
d585233c52e283d9a8849f16f04f452419a2484eTinderbox UserCLASS="command"
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsVALIGN="MIDDLE"
4ea3649f028ea6a1e42377082a7ccf8f789fb950Automatic Updater>Zone transfers the server is sending.</P
95637507c3d47481fbf0a8a8c750a57f944f677fMark AndrewsVALIGN="MIDDLE"
d585233c52e283d9a8849f16f04f452419a2484eTinderbox UserCLASS="command"
d585233c52e283d9a8849f16f04f452419a2484eTinderbox UserVALIGN="MIDDLE"
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User>The NOTIFY protocol.</P
d585233c52e283d9a8849f16f04f452419a2484eTinderbox UserVALIGN="MIDDLE"
d585233c52e283d9a8849f16f04f452419a2484eTinderbox UserCLASS="command"
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsVALIGN="MIDDLE"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews>Processing of client requests.</P
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsVALIGN="MIDDLE"
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsCLASS="command"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews>unmatched</B
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsVALIGN="MIDDLE"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews>Messages that named was unable to determine the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrewsclass of or for which there was no matching <B
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsA one line summary is also logged to the <B
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserThis category is best sent to a file or stderr, by default it is sent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews> channel.</P
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsVALIGN="MIDDLE"
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterVALIGN="MIDDLE"
644973f327e9db74779e7c0426db90909173b284Automatic Updater>Network operations.</P
bf1263835e8e35421960f65088c043f42aacef13Mark AndrewsVALIGN="MIDDLE"
c5a97a549c89d562e999d4f906b882c5a2a474e1Tinderbox UserCLASS="command"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserVALIGN="MIDDLE"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User>Dynamic updates.</P
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="command"
436aad11e01e916f75e68a2e9cb89ac217a990d3Tinderbox UserVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>Queries. Using the category <B
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark AndrewsCLASS="command"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User> will enable query logging.</P
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterVALIGN="MIDDLE"
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox UserCLASS="command"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsVALIGN="MIDDLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>Dispatching of incoming packets to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterserver modules where they are to be processed.
59528addd704f8d5757b54e540520f74e588a7c7Automatic UpdaterVALIGN="MIDDLE"
90cde4c188ac5bdea4f402b241c387c9cc9d4cc4Tinderbox UserCLASS="command"
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox UserVALIGN="MIDDLE"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>DNSSEC and TSIG protocol processing.
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox UserVALIGN="MIDDLE"
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark AndrewsCLASS="command"
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews>lame-servers</B
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox UserVALIGN="MIDDLE"
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater>Lame servers. These are misconfigurations
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterin remote servers, discovered by BIND 9 when trying to query
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrewsthose servers during resolution.
b871c7156eb037d41f53828c6fcb9cc876128962Mark AndrewsNAME="AEN1854"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews> Statement Grammar</A
e8c42d50cdaf3a3b841074d8bf72b40ffbae2a4bTinderbox User> This is the grammar of the <B
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic UpdaterCLASS="command"
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updaterstatement in the <TT
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox UserCLASS="filename"
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsCLASS="programlisting"
bbc0e1c4f47f101c4a64db3469352c49a49e734fTinderbox UserCLASS="command"
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsCLASS="optional"
be46cb4bee9253ee4832340c719920642e00c41aTinderbox User> listen-on { <TT
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
e676a596869d8a80a644c99a848afb53d1c5975eMark AndrewsCLASS="optional"
66cf4a406525db9c42977d8034a60e0a8e2a9290Automatic UpdaterCLASS="replaceable"
b7fcdb0bee7680fe9536bec3b204aea094bc514eTinderbox UserCLASS="optional"
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox User>] ; ... </SPAN
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="optional"
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox UserCLASS="replaceable"
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews>view_name</I
e20309353e6246485c521278131d3fced73d7957Tinderbox UserCLASS="optional"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User> search { <TT
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>domain_name</I
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>domain_name</I
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> ; ... </SPAN
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> Statement Definition and Usage</A
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> statement configures the name
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox Userserver to also act as a lightweight resolver server, see
a61158fed2e0281a40e3e97e0b7c3f9789a07b4eTinderbox User>Section 5.2</A
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater>. There may be be multiple
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="command"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> statements configuring
59b277af9d9aac08d16be63aed5ae60ac9eef0d5Automatic Updaterlightweight resolver servers with different properties.</P
a1788473b239588464bdeac4ab9f3fbcae959450Tinderbox UserCLASS="command"
c7f4dfc8decb44451cff27ef160d539d4954dc31Tinderbox User> statement specifies a list of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updateraddresses (and ports) that this instance of a lightweight resolver daemon
f34958b7669dfca333cc0cd20113b1f55a89e1deTinderbox Usershould accept requests on. If no port is specified, port 921 is used.
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic UpdaterIf this statement is omitted, requests will be accepted on 127.0.0.1,
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark AndrewsCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> statement binds this instance of a
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrewslightweight resolver daemon to a view in the DNS namespace, so that the
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrewsresponse will be constructed in the same manner as a normal DNS query
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updatermatching this view. If this statement is omitted, the default view is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterused, and if there is no default view, an error is triggered.</P
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="command"
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater> statement is equivalent to the
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="command"
c762a0e4141c8eb9d7567c614cf6dde994f6a76dTinderbox UserCLASS="filename"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews>. It provides a list of domains
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox Userwhich are appended to relative names in queries.</P
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="command"
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User> statement is equivalent to the
59528addd704f8d5757b54e540520f74e588a7c7Automatic UpdaterCLASS="command"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="filename"
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater>. It indicates the minimum
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaternumber of dots in a relative domain name that should result in an
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox Userexact match lookup before search path elements are appended.</P
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> Statement Grammar</A
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User>This is the grammar of the <B
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="command"
324a8797b46d646fe8d3b2eef6785e0b2b3ac956Tinderbox Userstatement in the <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="filename"
79b627f399ce925988bb326315e6742d5316cb6bTinderbox UserCLASS="programlisting"
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="optional"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater>version_string</I
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User> hostname <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>hostname_string</I
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> directory <TT
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User> named-xfer <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
402eda3e7d4254ffac1543bf2917c71248a09e4cTinderbox User> tkey-domain <TT
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
94f3904f58cd35f76adea08e96d8e755ccfd5610Tinderbox User>domainname</I
955ee8b865d70d02ad1fdc959382e6f8a07c1d14Tinderbox UserCLASS="optional"
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater> tkey-dhkey <TT
0d3490f93bb980fde704055e74c1b508987a5fe4Mark AndrewsCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User> dump-file <TT
757ff043760e4743dda1a10e7d58349275934902Tinderbox UserCLASS="replaceable"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt> memstatistics-file <TT
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews>path_name</I
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User> pid-file <TT
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
71fc4775d04aea66809e3eb5b5159c55413bdc5cMark AndrewsCLASS="optional"
7d704e522860496310bb29c28e76064868401a9cMark Andrews> statistics-file <TT
7d704e522860496310bb29c28e76064868401a9cMark AndrewsCLASS="replaceable"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterCLASS="optional"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater> zone-statistics <TT
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterCLASS="replaceable"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
b7fcdb0bee7680fe9536bec3b204aea094bc514eTinderbox User> auth-nxdomain <TT
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox UserCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
b7fcdb0bee7680fe9536bec3b204aea094bc514eTinderbox User> deallocate-on-exit <TT
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox UserCLASS="replaceable"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="optional"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="replaceable"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>dialup_option</I
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="optional"
8bc3d252395842452a6d2c775cf8445f6349e331Tinderbox User> fake-iquery <TT
ca5ba35827e475a824ec79d489dbcdb3341a35ccTinderbox UserCLASS="replaceable"
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox UserCLASS="optional"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User> fetch-glue <TT
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic UpdaterCLASS="optional"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> has-old-clients <TT
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic UpdaterCLASS="replaceable"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="optional"
a8677ecad546c955406b341eb8344ed06768b11eTinderbox User> host-statistics <TT
a8677ecad546c955406b341eb8344ed06768b11eTinderbox UserCLASS="replaceable"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt>yes_or_no</I
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="optional"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt> minimal-responses <TT
1fdd58445074579ee3b65c871137a7a1740eb542Mark AndrewsCLASS="replaceable"
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews>yes_or_no</I
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox UserCLASS="optional"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User> multiple-cnames <TT
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
b5423cbff7175727ed9046c8c670d8a7bb4d01eaTinderbox UserCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> recursion <TT
365bb6f27eace1836cb5bc6b5f9ed8c88fe22e4aTinderbox UserCLASS="replaceable"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>yes_or_no</I
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox UserCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> rfc2308-type1 <TT
71fa3534bfaf174f6a938dc1ba3522f66606c4e1Mark AndrewsCLASS="replaceable"
7f79131f9a8e804b93c57f3c679065cce878b726Automatic UpdaterCLASS="optional"
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User> use-id-pool <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="optional"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> maintain-ixfr-base <TT
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater> forward ( <TT
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews> forwarders { <TT
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox UserCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic UpdaterCLASS="replaceable"
a8677ecad546c955406b341eb8344ed06768b11eTinderbox UserCLASS="optional"
d3ba57ed92b7095fdeabc444af5dd18ac4781064Tinderbox UserCLASS="replaceable"
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox UserCLASS="optional"
04bc14c887243e624469fdbd336c1d3cb8ed7cc7Tinderbox UserCLASS="replaceable"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User>] ; ... </SPAN
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> check-names ( <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
a8677ecad546c955406b341eb8344ed06768b11eTinderbox UserCLASS="replaceable"
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
137fdbc214e99c4cbe57551e9e14f2015c2e42aeTinderbox User> allow-notify { <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>address_match_list</I
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> allow-query { <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt>address_match_list</I
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> allow-transfer { <TT
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>address_match_list</I
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> allow-recursion { <TT
4cde88fbf4c5e78a785d40f364cdcf60f3575f0cTinderbox UserCLASS="replaceable"
83e281baf1b4149dc637d24dd41141129ae712c6Tinderbox User>address_match_list</I
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
95de440e8d2b07bb130505b4146059e5734e2eeaTinderbox User> allow-update-forwarding { <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User>address_match_list</I
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User> allow-v6-synthesis { <TT
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User>address_match_list</I
ca5ba35827e475a824ec79d489dbcdb3341a35ccTinderbox UserCLASS="optional"
757ff043760e4743dda1a10e7d58349275934902Tinderbox User> blackhole { <TT
71fa3534bfaf174f6a938dc1ba3522f66606c4e1Mark AndrewsCLASS="replaceable"
1fdd58445074579ee3b65c871137a7a1740eb542Mark Andrews>address_match_list</I
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
b6e12209e3e7df826f5f8f949ad400ec6d1f6371Tinderbox User> listen-on [<SPAN
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox UserCLASS="optional"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
fd0f3e7cd8bc0e7fd08cc81ceb6ced861b706c97Mark Andrews>address_match_list</I
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox UserCLASS="optional"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User> listen-on-v6 [<SPAN
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox UserCLASS="optional"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
27739dd25026283c24645c8a1044b95ef9eb5ac6Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>address_match_list</I
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic UpdaterCLASS="optional"
c288e47fb7d4baa1ed887156b1c5e5db394d4f52Tinderbox User> query-source [<SPAN
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater> address ( <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
04bc14c887243e624469fdbd336c1d3cb8ed7cc7Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews> max-transfer-time-in <TT
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> max-transfer-time-out <TT
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> max-transfer-idle-in <TT
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsCLASS="replaceable"
78bc8fdc2488c92d7228e8de19827e2c114c56caAutomatic UpdaterCLASS="optional"
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt> max-transfer-idle-out <TT
dbb012765c735ee0d82dedb116cdc7cf18957814Evan HuntCLASS="replaceable"
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas GustafssonCLASS="optional"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> tcp-clients <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="replaceable"
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic UpdaterCLASS="optional"
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews> recursive-clients <TT
dbb012765c735ee0d82dedb116cdc7cf18957814Evan HuntCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> serial-query-rate <TT
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsCLASS="replaceable"
40696c4c389a780082fb77840c173b201ce696d6Automatic UpdaterCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> serial-queries <TT
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> transfer-format <TT
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>( one-answer | many-answers )</I
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> transfers-in <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User> transfers-out <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="optional"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> transfers-per-ns <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="replaceable"
c288e47fb7d4baa1ed887156b1c5e5db394d4f52Tinderbox UserCLASS="optional"
e213b38b48486b3a6349329655d9169085001fa0Tinderbox User> transfer-source (<TT
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="constant"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="optional"
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic UpdaterCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> transfer-source-v6 (<TT
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox UserCLASS="replaceable"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="constant"
5b4ef313da4283079786e516b4b07a1691e1dc50Mark AndrewsCLASS="optional"
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="optional"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater> notify-source (<TT
4fda24d843edac463c98785ec0c850d912592dc1Tinderbox UserCLASS="replaceable"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="constant"
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox UserCLASS="optional"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="optional"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User> notify-source-v6 (<TT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="replaceable"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="constant"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="optional"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="replaceable"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="optional"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews> also-notify { <TT
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="replaceable"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="optional"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="replaceable"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="optional"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="replaceable"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="optional"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="replaceable"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User>] ; ... </SPAN
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic UpdaterCLASS="optional"
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User> max-ixfr-log-size <TT
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> max-journal-size <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="replaceable"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="optional"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> coresize <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="replaceable"
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews>size_spec</I
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="optional"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User> datasize <TT
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox UserCLASS="replaceable"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="optional"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="replaceable"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt>size_spec</I
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="optional"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt> stacksize <TT
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="replaceable"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt>size_spec</I
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="optional"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt> cleaning-interval <TT
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="replaceable"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="optional"
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt> heartbeat-interval <TT
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan HuntCLASS="replaceable"
713c3d5b18463f2479973e4d14f73248e60a5df7Mark AndrewsCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> interface-interval <TT
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="replaceable"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="optional"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> statistics-interval <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="replaceable"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="optional"
27739dd25026283c24645c8a1044b95ef9eb5ac6Tinderbox User> topology { <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="replaceable"
bed0874e1a09e810575328c4bfc346a47514b69fMark Andrews>address_match_list</I
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="optional"
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User> sortlist { <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="replaceable"
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User>address_match_list</I
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> rrset-order { <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>order_spec</I
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>order_spec</I
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> ; ... </SPAN
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> lame-ttl <TT
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="replaceable"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> max-ncache-ttl <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> max-cache-ttl <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> sig-validity-interval <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> min-roots <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> use-ixfr <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> provide-ixfr <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews>yes_or_no</I
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> request-ixfr <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> treat-cr-as-space <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews> min-refresh-time <TT
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> max-refresh-time <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> min-retry-time <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> max-retry-time <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> additional-from-auth <TT
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="replaceable"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews>yes_or_no</I
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> additional-from-cache <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews> random-device <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> max-cache-size <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="optional"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> match-mapped-addresses <TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="replaceable"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews>yes_or_no</I
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="sect2"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsNAME="AEN2121"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> Statement Definition and Usage</A
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> statement sets up global options
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsto be used by <SPAN
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="acronym"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater>. This statement may appear only
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Useronce in a configuration file. If there is no <B
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Userstatement, an options block with each option set to its default will
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="variablelist"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews>directory</B
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews>The working directory of the server.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserAny non-absolute pathnames in the configuration file will be taken
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Useras relative to this directory. The default location for most server
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="filename"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>) is this directory.
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserIf a directory is not specified, the working directory defaults
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterCLASS="filename"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>', the directory from which the server
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Userwas started. The directory specified should be an absolute path.</P
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>named-xfer</B
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="emphasis"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>This option is obsolete.</I
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserIt was used in <SPAN
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="acronym"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Userspecify the pathname to the <B
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>named-xfer</B
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="acronym"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> 9, no separate <B
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>named-xfer</B
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Userneeded; its functionality is built into the name server.</P
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>tkey-domain</B
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>The domain appended to the names of all
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Usershared keys generated with <B
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="command"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews>. When a client
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrewsrequests a <B
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsCLASS="command"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User> exchange, it may or may not specify
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Userthe desired name for the key. If present, the name of the shared
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox Userkey will be "<TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="varname"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>client specified part</TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="varname"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>tkey-domain</TT
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsOtherwise, the name of the shared key will be "<TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="varname"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox UserCLASS="varname"
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>tkey-domain</TT
9f6827a4afb75224214ea96452e787e7f710b8b6Tinderbox User>". In most cases,
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic UpdaterCLASS="command"
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews>domainname</B
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater> should be the server's domain
e676a596869d8a80a644c99a848afb53d1c5975eMark AndrewsCLASS="command"
081a44bd3019b18aec03c5c0746538fdc901da48Evan Hunt>tkey-dhkey</B
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User>The Diffie-Hellman key used by the server
be41770245bd56746fbb61f9b5ba0aca683f318eTinderbox Userto generate shared keys with clients using the Diffie-Hellman mode
4c9f230f7ca5b2b08ea8fd7a6944135801dbe152Tinderbox UserCLASS="command"
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User>. The server must be able to load the
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox Userpublic and private keys from files in the working directory. In
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox Usermost cases, the keyname should be the server's host name.</P
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox UserCLASS="command"
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User>The pathname of the file the server dumps
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox Userthe database to when instructed to do so with
6508846efcd15de6b43b7da44c0bfcd665947630Tinderbox UserCLASS="command"
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User>rndc dumpdb</B
a7c412f37cc73d0332887a746e81220cbf09dd00Mark AndrewsIf not specified, the default is <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="filename"
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox UserCLASS="command"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>memstatistics-file</B
HREF="Bv9ARM.ch06.html#statsfile"
additional data sections when they are required (e.g. delegations,
HREF="Bv9ARM.ch04.html#notify"
HREF="Bv9ARM.ch06.html#statsfile"
HREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
HREF="Bv9ARM.ch04.html#incremental_zone_transfers"
HREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
HREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
if known, even though they are not in the example.com zone.
HREF="Bv9ARM.ch06.html#zone_statement_grammar"
HREF="Bv9ARM.ch06.html#address_match_lists"
HREF="Bv9ARM.ch07.html#dynamic_update_security"
HREF="Bv9ARM.ch06.html#synthesis"
> 8.x and patched
HREF="Bv9ARM.ch06.html#configuration_file_elements"
HREF="Bv9ARM.ch04.html#journal"
HREF="Bv9ARM.ch06.html#rrset_ordering"
HREF="Bv9ARM.ch06.html#topology"
> 4.9.x. Responses sent
HREF="Bv9ARM.ch06.html#the_sortlist_statement"
class IN type A name "host.example.com" order random;
HREF="Bv9ARM.ch04.html#dynamic_update"
HREF="Bv9ARM.ch06.html#view_statement_grammar"
HREF="Bv9ARM.ch04.html#tsig"
HREF="Bv9ARM.ch04.html#DNSSEC"
// Provide a complete view of the example.com zone
zone "example.com" {
file "example-internal.db";
// Provide a restricted view of the example.com zone
zone "example.com" {
file "example-external.db";
HREF="Bv9ARM.ch06.html#access_control"
HREF="Bv9ARM.ch06.html#access_control"
HREF="Bv9ARM.ch06.html#access_control"
HREF="Bv9ARM.ch07.html#dynamic_update_security"
HREF="Bv9ARM.ch06.html#dynamic_update_policies"
HREF="Bv9ARM.ch06.html#access_control"
HREF="Bv9ARM.ch06.html#boolean_options"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#boolean_options"
HREF="Bv9ARM.ch06.html#tuning"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#zone_transfers"
HREF="Bv9ARM.ch06.html#tuning"
HREF="Bv9ARM.ch06.html#boolean_options"
HREF="Bv9ARM.ch06.html#the_sortlist_statement"
HREF="Bv9ARM.ch06.html#rrset_ordering"
built-in server information zones, e.g.,
and PTR records. Entries in the in-addr.arpa domain are made in
in-addr.arpa name of
3.2.1.10.in-addr.arpa. This name should have a PTR resource record
>$ORIGIN example.com.
sub /24 reverse delegations described in RFC 2317: Classless IN-ADDR.ARPA
>$ORIGIN 0.0.192.IN-ADDR.ARPA.
HREF="Bv9ARM.ch05.html"
HREF="Bv9ARM.html"
HREF="Bv9ARM.ch07.html"