Bv9ARM.ch06.html revision b7ce89b8ca18904810265cc0074d7d517c9a5c5c
 - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: Bv9ARM.ch06.html,v 1.246 2009/11/26 01:15:25 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter&nbsp;6.&nbsp;BIND 9 Configuration Reference</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter&nbsp;5.&nbsp;The BIND 9 Lightweight Resolver">
<link rel="next" href="Bv9ARM.ch07.html" title="Chapter&nbsp;7.&nbsp;BIND 9 Security Considerations">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="titlepage"><div><div><h2 class="title">
<a name="Bv9ARM.ch06"></a>Chapter&nbsp;6.&nbsp;<acronym class="acronym">BIND</acronym> 9 Configuration Reference</h2></div></div></div>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573997">Comment Syntax</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574515"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574773"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575132"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575149"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575173"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575196"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575287"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575413"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577480"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577554"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577686"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577730"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577745"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587892"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588046"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588166"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588213"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588264"><span><strong class="command">managed-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588568"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590278"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2593014">Zone File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595244">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595860">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595987">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596260"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt></dl></dd>
<acronym class="acronym">BIND</acronym> 9 configuration is broadly similar
to <acronym class="acronym">BIND</acronym> 8; however, there are a few new
of configuration, such as views. <acronym class="acronym">BIND</acronym>
8 configuration files should work with few alterations in <acronym class="acronym">BIND</acronym>
9, although more complex configurations should be reviewed to check
if they can be more efficiently implemented using the new features
found in <acronym class="acronym">BIND</acronym> 9.
<acronym class="acronym">BIND</acronym> 4 configuration files can be
converted to the new format
using the shell script
<code class="filename">contrib/named-bootconf/named-bootconf.sh</code>.
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="configuration_file_elements"></a>Configuration File Elements</h2></div></div></div>
Following is a list of elements used throughout the <acronym class="acronym">BIND</acronym> configuration
file documentation:
<div class="informaltable"><table border="1">
The name of an <code class="varname">address_match_list</code> as
defined by the <span><strong class="command">acl</strong></span> statement.

<code class="varname">address_match_list</code>
A list of one or more
<code class="varname">ip_prefix</code>, <code class="varname">key_id</code>,
or <code class="varname">acl_name</code> elements, see
<a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a>.

A named list of one or more <code class="varname">ip_addr</code>
with optional <code class="varname">key_id</code> and/or
A <code class="varname">masters_list</code> may include other
<code class="varname">masters_lists</code>.

A quoted string which will be used as
a DNS name, for example "<code class="literal">my.test.domain</code>".

A list of one or more <code class="varname">domain_name</code>

One to four integers valued 0 through
255 separated by dots (`.'), such as <span><strong class="command">123</strong></span>,
<span><strong class="command">45.67</strong></span> or <span><strong class="command">89.123.45.67</strong></span>.

An IPv4 address with exactly four elements
in <code class="varname">dotted_decimal</code> notation.

An IPv6 address, such as <span><strong class="command">2001:db8::1234</strong></span>.
IPv6 scoped addresses that have ambiguity on their
scope zones must be disambiguated by an appropriate
zone ID with the percent character (`%') as
delimiter. It is strongly recommended to use
string zone names rather than numeric identifiers,
in order to be robust against system configuration
changes. However, since there is no standard
mapping for such names and identifier values,
currently only interface names as link identifiers
are supported, assuming one-to-one mapping between
interfaces and links. For example, a link-local
address <span><strong class="command">fe80::1</strong></span> on the link
attached to the interface <span><strong class="command">ne0</strong></span>
can be specified as <span><strong class="command">fe80::1%ne0</strong></span>.
Note that on most systems link-local addresses
always have the ambiguity, and need to be
disambiguated.
An <code class="varname">ip4_addr</code> or <code class="varname">ip6_addr</code>.

An IP port <code class="varname">number</code>.
The <code class="varname">number</code> is limited to 0
through 65535, with values
below 1024 typically restricted to use by processes running
In some cases, an asterisk (`*') character can be used as a
placeholder to
select a random high-numbered port.

An IP network specified as an <code class="varname">ip_addr</code>,
followed by a slash (`/') and then the number of bits in the
Trailing zeros in an <code class="varname">ip_addr</code>
For example, <span><strong class="command">127/8</strong></span> is the
network <span><strong class="command">127.0.0.0</strong></span> with
netmask <span><strong class="command">255.0.0.0</strong></span> and <span><strong class="command">1.2.3.0/28</strong></span> is
network <span><strong class="command">1.2.3.0</strong></span> with netmask <span><strong class="command">255.255.255.240</strong></span>.
When specifying a prefix involving an IPv6 scoped address
the scope may be omitted. In that case the prefix will
match packets from any scope.

A <code class="varname">domain_name</code> representing
the name of a shared key, to be used for transaction

A list of one or more
separated by semicolons and ending with a semicolon.

A non-negative 32-bit integer
(i.e., a number between 0 and 4294967295, inclusive).
Its acceptable value might further
be limited by the context in which it is used.

A quoted string which will be used as
a pathname, such as <code class="filename">zones/master/my.test.domain</code>.

A list of an <code class="varname">ip_port</code> or a port
A port range is specified in the form of
<strong class="userinput"><code>range</code></strong> followed by
<code class="varname">port_high</code>, which represents
port numbers from <code class="varname">port_low</code> through
<code class="varname">port_high</code>, inclusive.
<code class="varname">port_low</code> must not be larger than
<strong class="userinput"><code>range 1024 65535</code></strong> represents
ports from 1024 through 65535.
In either case an asterisk (`*') character is not
allowed as a valid <code class="varname">ip_port</code>.
A number, the word <strong class="userinput"><code>unlimited</code></strong>,
or the word <strong class="userinput"><code>default</code></strong>.
An <code class="varname">unlimited</code> <code class="varname">size_spec</code> requests unlimited
use, or the maximum available amount. A <code class="varname">default size_spec</code> uses
the limit that was in force when the server was started.
A <code class="varname">number</code> can optionally be
followed by a scaling factor:
<strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
for kilobytes,
<strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
for megabytes, and
<strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong> for gigabytes,
which scale by 1024, 1024*1024, and 1024*1024*1024
The value must be representable as a 64-bit unsigned integer
(0 to 18446744073709551615, inclusive).
Using <code class="varname">unlimited</code> is the best
to safely set a really large number.

Either <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>no</code></strong>.
The words <strong class="userinput"><code>true</code></strong> and <strong class="userinput"><code>false</code></strong> are
also accepted, as are the numbers <strong class="userinput"><code>1</code></strong>
and <strong class="userinput"><code>0</code></strong>.

One of <strong class="userinput"><code>yes</code></strong>,
<strong class="userinput"><code>no</code></strong>, <strong class="userinput"><code>notify</code></strong>,
<strong class="userinput"><code>notify-passive</code></strong>, <strong class="userinput"><code>refresh</code></strong> or
<strong class="userinput"><code>passive</code></strong>.
When used in a zone, <strong class="userinput"><code>notify-passive</code></strong>,
<strong class="userinput"><code>refresh</code></strong>, and <strong class="userinput"><code>passive</code></strong>
are restricted to slave and stub zones.
</table></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573627"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
  [<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
   key key_id | acl_name | { address_match_list } )
</pre>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573655"></a>Definition and Usage</h4></div></div></div>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
statements. The elements which constitute an address match
list can be any of the following:
a key ID, as defined by the <span><strong class="command">key</strong></span>
<li>the name of an address match list defined with
the <span><strong class="command">acl</strong></span> statement
<li>a nested address match list enclosed in braces</li>
Elements can be negated with a leading exclamation mark (`!'),
and the match list names "any", "none", "localhost", and
"localnets" are predefined. More information on those names
can be found in the description of the acl statement.

The addition of the key clause made the name of this syntactic
element something of a misnomer, since security keys can be used
to validate access without regard to a host or network address.
Nonetheless, the term "address match list" is still used
throughout the documentation.
When a given IP address or prefix is compared to an address
match list, the comparison takes place in approximately O(1)
time. However, key comparisons require that the list of keys
be traversed until a matching key is found, and therefore may
be somewhat slower.

The interpretation of a match depends on whether the list is being
used for access control, defining <span><strong class="command">listen-on</strong></span> ports, or in a
<span><strong class="command">sortlist</strong></span>, and whether the element was negated.

When used as an access control list, a non-negated match
allows access and a negated match denies access. If
there is no match, access is denied. The clauses
<span><strong class="command">allow-notify</strong></span>,
<span><strong class="command">allow-recursion</strong></span>,
<span><strong class="command">allow-recursion-on</strong></span>,
<span><strong class="command">allow-query</strong></span>,
<span><strong class="command">allow-query-on</strong></span>,
<span><strong class="command">allow-query-cache</strong></span>,
<span><strong class="command">allow-query-cache-on</strong></span>,
<span><strong class="command">allow-transfer</strong></span>,
<span><strong class="command">allow-update</strong></span>,
<span><strong class="command">allow-update-forwarding</strong></span>, and
<span><strong class="command">blackhole</strong></span> all use address match
lists. Similarly, the <span><strong class="command">listen-on</strong></span> option will cause the
server to refuse queries on any of the machine's
addresses which do not match the list.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Order of insertion is significant. If more than one element
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater in an ACL is found to match a given IP address or prefix,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater preference will be given to the one that came
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>first</em></span> in the ACL definition.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Because of this first-match behavior, an element that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a subset of another element in the list should
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater come before the broader element, regardless of whether
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater either is negated. For example, in
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein <span><strong class="command">1.2.3/24; ! 1.2.3.13;</strong></span>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater the 1.2.3.13 element is completely useless because the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington algorithm will match any lookup for 1.2.3.13 to the 1.2.3/24
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater element. Using <span><strong class="command">! 1.2.3.13; 1.2.3/24</strong></span> fixes
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that problem by having 1.2.3.13 blocked by the negation, but
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater all other 1.2.3.* hosts fall through.
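The first-match rule described above can be checked mechanically. The following is an added example, not code from BIND or from this manual: it evaluates a flat address match list in access-control mode and reports elements that can never take effect because an earlier, broader element already matches. The function names are hypothetical, and only IP addresses and prefixes are handled (no ACL names, key elements or nested lists).

```python
import ipaddress


def to_network(item):
    """Convert one address match element to an ip_network.

    BIND accepts abbreviated IPv4 prefixes such as 1.2.3/24, which the
    ipaddress module rejects, so missing octets are padded with zeros.
    """
    addr, _, plen = item.partition("/")
    if ":" not in addr:
        octets = addr.split(".")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}" if plen else addr)


def parse_acl(text):
    """Parse '! 1.2.3.13; 1.2.3/24;' into a list of (negated, network)."""
    elements = []
    for raw in text.split(";"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        if negated:
            item = item[1:].strip()
        elements.append((negated, to_network(item)))
    return elements


def evaluate(elements, client):
    """Access-control interpretation: the first matching element decides.

    A non-negated match allows, a negated match denies, and no match denies.
    """
    ip = ipaddress.ip_address(client)
    for negated, net in elements:
        if ip.version == net.version and ip in net:
            return not negated
    return False


def shadowed(elements):
    """Return (index, earlier_index) for every element that is a subset of
    an earlier element and therefore can never be the first match."""
    findings = []
    for i, (_, net) in enumerate(elements):
        for j in range(i):
            earlier = elements[j][1]
            if net.version == earlier.version and net.subnet_of(earlier):
                findings.append((i, j))
                break
    return findings


# The two orderings discussed in the text.
BAD = parse_acl("1.2.3/24; ! 1.2.3.13;")
GOOD = parse_acl("! 1.2.3.13; 1.2.3/24;")

if __name__ == "__main__":
    for name, acl in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, "1.2.3.13 allowed:", evaluate(acl, "1.2.3.13"),
              "shadowed:", shadowed(acl))
```
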
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<a name="id2573997"></a>Comment Syntax</h3></div></div></div>
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater comments to appear
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater anywhere that whitespace may appear in a <acronym class="acronym">BIND</acronym> configuration
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater file. To appeal to programmers of all kinds, they can be written
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<div class="titlepage"><div><div><h4 class="title">
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<a name="id2574012"></a>Syntax</h4></div></div></div>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">// This is a <acronym class="acronym">BIND</acronym> comment as in C++</pre>
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater<pre class="programlisting"># This is a <acronym class="acronym">BIND</acronym> comment as in common UNIX shells
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater# and perl</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2574042"></a>Definition and Usage</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Comments may appear anywhere that whitespace may appear in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a <acronym class="acronym">BIND</acronym> configuration file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C-style comments start with the two characters /* (slash,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater star) and end with */ (star, slash). Because they are completely
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington delimited with these characters, they can be used to comment only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a portion of a line or to span multiple lines.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater C-style comments cannot be nested. For example, the following
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is not valid because the entire comment ends with the first */:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">/* This is the start of a comment.
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater This is still part of the comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater/* This is an incorrect attempt at nesting a comment. */
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is no longer in any comment. */</pre>
f8c47598b87a5eb5ff2ceda6c81d136212d59cefAutomatic Updater C++-style comments start with the two characters // (slash,
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington slash) and continue to the end of the physical line. They cannot
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be continued across multiple physical lines; to have one logical
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comment span multiple lines, each line must use the // pair.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting">// This is the start of a comment. The next line
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington// is a new comment, even though it is logically
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington// part of the previous comment.</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Shell-style (or perl-style, if you prefer) comments start
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with the character <code class="literal">#</code> (number sign)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and continue to the end of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater physical line, as in C++ comments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting"># This is the start of a comment. The next line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# is a new comment, even though it is logically
e062b72f783cdb436a1a57a630bdff471dbb3038Mark Andrews# part of the previous comment.</pre>
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater You cannot use the semicolon (`;') character
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson to start a comment such as you would in a zone file. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater semicolon indicates the end of a configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="Configuration_File_Grammar"></a>Configuration File Grammar</h2></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A <acronym class="acronym">BIND</acronym> 9 configuration consists of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements and comments.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Statements end with a semicolon. Statements and comments are the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only elements that can appear without enclosing braces. Many
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements contain a block of sub-statements, which are also
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater terminated with a semicolon.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following statements are supported:
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">acl</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews defines a named IP address
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater matching list, for access control and other uses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">controls</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater declares control channels to be used
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington by the <span><strong class="command">rndc</strong></span> utility.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater <p><span><strong class="command">include</strong></span></p>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater includes a file.
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater <p><span><strong class="command">key</strong></span></p>
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington specifies key information for use in
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater authentication and authorization using TSIG.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">logging</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews specifies what the server logs, and where
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews the log messages are sent.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">lwres</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews configures <span><strong class="command">named</strong></span> to
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews also act as a light-weight resolver daemon (<span><strong class="command">lwresd</strong></span>).
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">masters</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a named masters list for
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater inclusion in stub and slave zone masters clauses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">options</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater controls global server configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater options and sets defaults for other statements.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">server</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington sets certain configuration options on
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater a per-server basis.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">statistics-channels</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington declares communication channels to get access to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">named</strong></span> statistics.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">trusted-keys</strong></span></p>
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington defines trusted DNSSEC keys.
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater <p><span><strong class="command">managed-keys</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lists DNSSEC keys to be kept up to date
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using RFC 5011 trust anchor maintenance.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">view</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a view.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">zone</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington defines a zone.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater The <span><strong class="command">logging</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">options</strong></span> statements may only occur once
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater per configuration.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson<a name="id2574515"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address_match_list
};</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="acl"></a><span><strong class="command">acl</strong></span> Statement Definition and Usage</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">acl</strong></span> statement assigns a symbolic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name to an address match list. It gets its name from a primary
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington use of address match lists: Access Control Lists (ACLs).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that an address match list's name must be defined
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with <span><strong class="command">acl</strong></span> before it can be used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater elsewhere; no forward references are allowed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following ACLs are built-in:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">any</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches all hosts.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">none</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches no hosts.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">localhost</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches the IPv4 and IPv6 addresses of all network
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater interfaces on the system.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">localnets</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches any host on an IPv4 or IPv6 network
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for which the system has an interface.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Some systems do not provide a way to determine the prefix
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington lengths of local IPv6 addresses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In such a case, <span><strong class="command">localnets</strong></span>
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater only matches the local
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater IPv6 addresses, just like <span><strong class="command">localhost</strong></span>.
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater<a name="id2574773"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
cab3e375b77a980a5d4b7e5e4ee90167439e7934Mark Andrews<pre class="programlisting"><span><strong class="command">controls</strong></span> {
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater [ inet ( ip_addr | * ) [ port ip_port ]
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater allow { <em class="replaceable"><code> address_match_list </code></em> }
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater keys { <em class="replaceable"><code>key_list</code></em> }; ]
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater [ unix <em class="replaceable"><code>path</code></em> perm <em class="replaceable"><code>number</code></em> owner <em class="replaceable"><code>number</code></em> group <em class="replaceable"><code>number</code></em>
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater keys { <em class="replaceable"><code>key_list</code></em> }; ]
};</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
bd40cbcd09057ddfd043291aba82a56c90ec2523Automatic Updater<a name="controls_statement_definition_and_usage"></a><span><strong class="command">controls</strong></span> Statement Definition and Usage</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">controls</strong></span> statement declares control
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater channels to be used by system administrators to control the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater operation of the name server. These control channels are
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson used by the <span><strong class="command">rndc</strong></span> utility to send
3341c8b653577f2f0cb8b72702ea6197035334ffMark Andrews commands to and retrieve non-DNS results from a name server.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson An <span><strong class="command">inet</strong></span> control channel is a TCP socket
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson listening at the specified <span><strong class="command">ip_port</strong></span> on the
d912d1139efa8410785f0fc88dfb7dc7fbaae6deMark Andrews specified <span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
3d3088c228153b21af8c278c46294217c545dc45Mark Andrews address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater interpreted as the IPv4 wildcard address; connections will be
2fd97723b2ec7fc1975672780ab0c1c9a8c369d6Automatic Updater accepted on any of the system's IPv4 addresses.
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater To listen on the IPv6 wildcard address,
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
282e38d96feb488fddbbc0b0409491094786977fMark Andrews If you will only use <span><strong class="command">rndc</strong></span> on the local host,
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater using the loopback address (<code class="literal">127.0.0.1</code>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater or <code class="literal">::1</code>) is recommended for maximum security.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If no port is specified, port 953 is used. The asterisk
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "<code class="literal">*</code>" cannot be used for <span><strong class="command">ip_port</strong></span>.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews The ability to issue commands over the control channel is
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews restricted by the <span><strong class="command">allow</strong></span> and
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews <span><strong class="command">keys</strong></span> clauses.
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews Connections to the control channel are permitted based on the
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews <span><strong class="command">address_match_list</strong></span>. This is for simple
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews IP address based filtering only; any <span><strong class="command">key_id</strong></span>
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews elements of the <span><strong class="command">address_match_list</strong></span>
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews are ignored.
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater A <span><strong class="command">unix</strong></span> control channel is a UNIX domain
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater socket listening at the specified path in the file system.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews Access to the socket is specified by the <span><strong class="command">perm</strong></span>,
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews <span><strong class="command">owner</strong></span> and <span><strong class="command">group</strong></span> clauses.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Note that on some platforms (SunOS and Solaris) the permissions
10b4a0c3a4eec1b22b990c0a0595fbda51f54e94Automatic Updater (<span><strong class="command">perm</strong></span>) are applied to the parent directory,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews because the permissions on the socket itself are ignored.
b795291f8ea5bc2c8470cc34f82e8c570337308aAutomatic Updater The primary authorization mechanism of the command
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews channel is the <span><strong class="command">key_list</strong></span>, which
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews contains a list of <span><strong class="command">key_id</strong></span>s.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Each <span><strong class="command">key_id</strong></span> in the <span><strong class="command">key_list</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews is authorized to execute commands over the control channel.
f36bdaf5a7cbb029a8fe035fa9ade140bae98087Automatic Updater See <a href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called “Administrative Tools”</a>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews for information about configuring keys in <span><strong class="command">rndc</strong></span>.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews If no <span><strong class="command">controls</strong></span> statement is present,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">named</strong></span> will set up a default
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews control channel listening on the loopback address 127.0.0.1
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews and its IPv6 counterpart ::1.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews In this case, and also when the <span><strong class="command">controls</strong></span> statement
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews is present but does not have a <span><strong class="command">keys</strong></span> clause,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">named</strong></span> will attempt to load the command channel key
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews from the file <code class="filename">rndc.key</code> in
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <code class="filename">/etc</code> (or whatever <code class="varname">sysconfdir</code>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews was specified as when <acronym class="acronym">BIND</acronym> was built).
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews To create a <code class="filename">rndc.key</code> file, run
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <strong class="userinput"><code>rndc-confgen -a</code></strong>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <code class="filename">rndc.key</code> feature was created to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ease the transition of systems from <acronym class="acronym">BIND</acronym> 8,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews which did not have digital signatures on its command channel
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews messages and thus did not have a <span><strong class="command">keys</strong></span> clause.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews It makes it possible to use an existing <acronym class="acronym">BIND</acronym> 8
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configuration file in <acronym class="acronym">BIND</acronym> 9 unchanged,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and still have <span><strong class="command">rndc</strong></span> work the same way
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">ndc</strong></span> worked in BIND 8, simply by executing the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews command <strong class="userinput"><code>rndc-confgen -a</code></strong> after BIND 9 is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Since the <code class="filename">rndc.key</code> feature
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is only intended to allow the backward-compatible usage of
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <acronym class="acronym">BIND</acronym> 8 configuration files, this
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews feature does not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews have a high degree of configurability. You cannot easily change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the key name or the size of the secret, so you should make a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> with your own key if you
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews wish to change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews those things. The <code class="filename">rndc.key</code> file
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews also has its
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews permissions set such that only the owner of the file (the user that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> is running as) can access it.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If you desire greater flexibility in allowing other users to access
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">rndc</strong></span> commands, then you need to create a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> file and make it group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews readable by a group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that contains the users who should have access.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To disable the command channel, use an empty
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls</strong></span> statement:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls { };</strong></span>.
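The rules above for <code>inet</code> control channels (wildcard addresses, the loopback recommendation, the fallback to rndc.key when no keys clause is given, and the empty statement that disables the channel) can be turned into a configuration check. The following is an added example, not part of BIND or of this manual: the function names, finding labels and sample configuration are constructed for illustration, unix channels are not examined, and nested address match lists inside allow are not handled. Comments are removed first, following the three comment styles described under Comment Syntax.

```python
import ipaddress
import re

# Quoted strings are matched first so that //, # or /* inside them survive.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_INET = re.compile(
    r'\binet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
    r'(?:\s*keys\s*\{([^}]*)\})?\s*;')


def strip_comments(conf):
    """Replace /* */, // and # comments with a space. C-style comments do
    not nest: the first */ ends the comment."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf)


def controls_body(conf):
    """Return the text between the braces of the controls statement,
    or None when the configuration has no controls statement."""
    start = re.search(r'\bcontrols\s*\{', conf)
    if start is None:
        return None
    depth, i = 1, start.end()
    while depth and i < len(conf):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    if depth:
        raise ValueError("unbalanced braces in controls statement")
    return conf[start.end():i - 1]


def audit_controls(conf):
    """Return a list of (address, finding) tuples for inet channels."""
    body = controls_body(strip_comments(conf))
    if body is None:
        # named listens on 127.0.0.1 and ::1 and reads the key from rndc.key.
        return [(None, "default-channel")]
    if not body.strip():
        return [(None, "disabled")]
    findings = []
    for m in _INET.finditer(body):
        addr, _port, allow, keys = m.groups()
        if addr in ("*", "::"):
            findings.append((addr, "wildcard"))
        elif not ipaddress.ip_address(addr).is_loopback:
            findings.append((addr, "non-loopback"))
        if "any" in re.findall(r"[^\s;!]+", allow):
            findings.append((addr, "allow-any"))
        if keys is None:
            # No keys clause: named tries to load the key from rndc.key.
            findings.append((addr, "no-keys"))
    return findings


# Constructed sample configuration; the secret is a placeholder value.
SAMPLE_CONF = '''
/* constructed sample, not taken from the manual */
key "rndc-key" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };  # placeholder
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    inet * allow { any; };               // wildcard, no keys clause
    // inet 192.0.2.10 allow { any; };   commented out, must be ignored
};
'''

if __name__ == "__main__":
    for addr, finding in audit_controls(SAMPLE_CONF):
        print(addr, finding)
```
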
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575132"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575149"></a><span><strong class="command">include</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">include</strong></span> statement inserts the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews specified file at the point where the <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement is encountered. The <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement facilitates the administration of configuration files
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews by permitting the reading or writing of some things but not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews others. For example, the statement could include private keys
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that are readable only by the name server.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575173"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews algorithm <em class="replaceable"><code>string</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret <em class="replaceable"><code>string</code></em>;
};</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575196"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement defines a shared
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews or the command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement can occur at the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews top level of the configuration file or inside a <span><strong class="command">view</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement. Keys defined in top-level <span><strong class="command">key</strong></span>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews statements can be used in all views. Keys intended for use in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews must be defined at the top level.
<p>
The <em class="replaceable"><code>key_id</code></em>, also known as the
key name, is a domain name uniquely identifying the key. It can
be used in a <span><strong class="command">server</strong></span>
statement to cause requests sent to that
server to be signed with this key, or in address match lists to
verify that incoming requests have been signed with a key
matching this name, algorithm, and secret.
</p>
<p>
The <em class="replaceable"><code>algorithm_id</code></em> is a string
that specifies a security/authentication algorithm. Named
supports <code class="literal">hmac-md5</code>,
<code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
<code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>
and <code class="literal">hmac-sha512</code> TSIG authentication.
Truncated hashes are supported by appending the minimum
number of required bits preceded by a dash, e.g.
<em class="replaceable"><code>secret_string</code></em> is the secret
to be used by the algorithm, and is treated as a base-64
encoded string.
</p>
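<p>
The algorithm and secret rules above can be checked mechanically before a configuration is deployed. The following Python audit is an added example, not part of BIND or of the original page; the key names and secrets are constructed, and the truncation floor (RFC 4635) and minimum secret length (RFC 2104) are policy assumptions rather than limits stated in this section.
</p>

```python
import base64
import binascii
import re

# HMAC output sizes, in bits, for the algorithm_id values this section lists.
DIGEST_BITS = {
    "hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
    "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512,
}

# Matches: key key_id { algorithm algorithm_id; secret "secret_string"; };
# Simplification: clauses in this order, no comments inside the statement.
KEY_RE = re.compile(
    r'\bkey\s+"?(?P<key_id>[^\s"{};]+)"?\s*\{\s*'
    r'algorithm\s+"?(?P<algorithm_id>[A-Za-z0-9-]+)"?\s*;\s*'
    r'secret\s+"(?P<secret_string>[^"]*)"\s*;\s*\}\s*;'
)


def split_algorithm(algorithm_id):
    """Split 'name' or 'name-bits' into (name, min_bits or None)."""
    name = algorithm_id.lower()
    if name in DIGEST_BITS:
        return name, None
    base, _, bits = name.rpartition("-")
    if base in DIGEST_BITS and bits.isdigit():
        return base, int(bits)
    raise ValueError("unsupported algorithm_id: %s" % algorithm_id)


def audit_key(algorithm_id, secret_string):
    """Return the findings for one key statement (empty list means clean)."""
    try:
        base, min_bits = split_algorithm(algorithm_id)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    digest_bits = DIGEST_BITS[base]
    if base == "hmac-md5":
        findings.append("hmac-md5 is the weakest listed algorithm; "
                        "move to hmac-sha256 or stronger")
    if min_bits is not None:
        # Policy assumption (RFC 4635): a truncated MAC keeps at least the
        # larger of 80 bits and half the digest length.
        floor = max(80, digest_bits // 2)
        if min_bits > digest_bits:
            findings.append("truncation to %d bits exceeds the %d-bit digest"
                            % (min_bits, digest_bits))
        elif min_bits < floor:
            findings.append("truncation to %d bits is below the %d-bit floor"
                            % (min_bits, floor))
    try:
        secret = base64.b64decode(secret_string, validate=True)
    except (binascii.Error, ValueError):
        findings.append("secret_string is not valid base-64")
        return findings
    # Policy assumption (RFC 2104): the key is at least as long as the digest.
    if len(secret) * 8 < digest_bits:
        findings.append("secret is %d bits, shorter than the %d-bit digest"
                        % (len(secret) * 8, digest_bits))
    return findings


def audit_config(conf_text):
    """Map every key_id found in conf_text to its list of findings."""
    return {m.group("key_id"): audit_key(m.group("algorithm_id"),
                                         m.group("secret_string"))
            for m in KEY_RE.finditer(conf_text)}


def constructed_secret(n_bytes):
    """Base-64 text for a predictable n-byte value (sample data, not a key)."""
    return base64.b64encode(bytes(range(n_bytes))).decode("ascii")


# Constructed sample configuration; none of these keys exist anywhere.
SAMPLE_CONF = f'''
key "xfer.example." {{ algorithm hmac-sha256; secret "{constructed_secret(32)}"; }};
key "legacy.example." {{ algorithm hmac-md5; secret "{constructed_secret(5)}"; }};
key "trunc.example." {{ algorithm hmac-sha1-64; secret "{constructed_secret(20)}"; }};
'''

if __name__ == "__main__":
    for key_id, findings in audit_config(SAMPLE_CONF).items():
        print(key_id, "OK" if not findings else findings)
```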
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575287"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
   [ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
     ( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
         [ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
         [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size spec</code></em> ]
       | <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
       | <span><strong class="command">stderr</strong></span>
       | <span><strong class="command">null</strong></span> );
     [ <span><strong class="command">severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
                 <code class="option">info</code> | <code class="option">debug</code> [ <em class="replaceable"><code>level</code></em> ] | <code class="option">dynamic</code> ); ]
     [ <span><strong class="command">print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
     [ <span><strong class="command">print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
     [ <span><strong class="command">print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
   }; ]
   [ <span><strong class="command">category</strong></span> <em class="replaceable"><code>category_name</code></em> {
     <em class="replaceable"><code>channel_name</code></em> ; [ <em class="replaceable"><code>channel_name</code></em> ; ... ]
   }; ]
   ...
}
</pre>
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575413"></a><span><strong class="command">logging</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
associates output methods, format options and severity levels with
a name that can then be used with the <span><strong class="command">category</strong></span> phrase
to select how various classes of messages are logged.
</p>
<p>
Only one <span><strong class="command">logging</strong></span> statement is used to define
as many channels and categories as are wanted. If there is no <span><strong class="command">logging</strong></span> statement,
the logging configuration will be:
</p>
<pre class="programlisting">logging {
     category default { default_syslog; default_debug; };
     category unmatched { null; };
};
</pre>
<p>
In <acronym class="acronym">BIND</acronym> 9, the logging configuration
is only established when
the entire configuration file has been parsed. In <acronym class="acronym">BIND</acronym> 8, it was
established as soon as the <span><strong class="command">logging</strong></span>
statement was parsed. When the server is starting up, all logging messages
regarding syntax errors in the configuration file go to the default
channels, or to standard error if the "<code class="option">-g</code>" option
was specified.
</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2575465"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
</p>
<p>
Every channel definition must include a destination clause that
says whether messages selected for the channel go to a file, to a
particular syslog facility, to the standard error stream, or are
discarded. It can optionally also limit the message severity level
that will be accepted by the channel (the default is
<span><strong class="command">info</strong></span>), and whether to include a
<span><strong class="command">named</strong></span>-generated time stamp, the
category name
and/or severity level (the default is not to include any).
</p>
<p>
The <span><strong class="command">null</strong></span> destination clause
causes all messages sent to the channel to be discarded;
in that case, other options for the channel are meaningless.
</p>
<p>
The <span><strong class="command">file</strong></span> destination clause directs
the channel to a disk file. It can include limitations
both on how large the file is allowed to become, and how many
versions of the file will be saved each time the file is opened.
</p>
<p>
If you use the <span><strong class="command">versions</strong></span> log file
option, then
<span><strong class="command">named</strong></span> will retain that many backup
versions of the file by
renaming them when opening. For example, if you choose to keep
three old versions
of the file <code class="filename">lamers.log</code>, then just
before it is opened
<code class="filename">lamers.log.1</code> is renamed to
<code class="filename">lamers.log.2</code>, <code class="filename">lamers.log.0</code> is renamed
to <code class="filename">lamers.log.1</code>, and <code class="filename">lamers.log</code> is
renamed to <code class="filename">lamers.log.0</code>.
You can say <span><strong class="command">versions unlimited</strong></span> to
not limit the number of versions.
If a <span><strong class="command">size</strong></span> option is associated with
the log file,
then renaming is only done when the file being opened exceeds the
indicated size. No backup versions are kept by default; any
existing log file is simply appended.
</p>
<p>
The <span><strong class="command">size</strong></span> option for files is used
to limit log growth. If the file ever exceeds the size, then <span><strong class="command">named</strong></span> will
stop writing to the file unless it has a <span><strong class="command">versions</strong></span> option
associated with it. If backup versions are kept, the files are
rolled as described above and a new one begun. If there is no
<span><strong class="command">versions</strong></span> option, no more data will
be written to the log
until some out-of-band mechanism removes or truncates the log to
less than the maximum size. The default behavior is not to limit the size of
the file.
</p>
<p>
Example usage of the <span><strong class="command">size</strong></span> and
<span><strong class="command">versions</strong></span> options:
</p>
<pre class="programlisting">channel an_example_channel {
    file "example.log" versions 3 size 20m;
    print-time yes;
    print-category yes;
};
</pre>
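<p>
Because a <span><strong class="command">size</strong></span> limit without <span><strong class="command">versions</strong></span> makes <span><strong class="command">named</strong></span> stop writing, a file channel can go silent without any configuration error. The following Python check is an added example, not part of BIND or of the original page; it flags that combination, file channels with no size limit or no time stamps, and the categories routed to a channel that can stall. The channels <code class="literal">capped_channel</code> and <code class="literal">syslog_channel</code> and the regular-expression parsing (no nested braces, no comment markers inside quoted strings) are assumptions.
</p>

```python
import re

# Comments are removed first: // and # to end of line, and /* ... */.
COMMENT_RE = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.DOTALL)
CHANNEL_RE = re.compile(
    r"(?<![\w-])channel\s+(?P<name>[\w-]+)\s*\{(?P<body>[^{}]*)\}\s*;")
CATEGORY_RE = re.compile(
    r"(?<![\w-])category\s+(?P<name>[\w-]+)\s*\{(?P<channels>[^{}]*)\}\s*;")
FILE_RE = re.compile(r'\bfile\s+"(?P<path>[^"]+)"(?P<options>[^;]*);')
VERSIONS_RE = re.compile(r"\bversions\s+(\d+|unlimited)\b")
SIZE_RE = re.compile(r"\bsize\s+(\S+)")
PRINT_TIME_RE = re.compile(r"\bprint-time\s+yes\s*;")

STOPS = ("size without versions: named stops writing once the file "
         "exceeds the limit")
UNBOUNDED = "no size limit: the file grows without bound"
NO_TIME = "file channel without print-time: entries carry no time stamp"


def audit_channels(conf_text):
    """Map each channel name to the list of findings for its definition."""
    text = COMMENT_RE.sub("", conf_text)
    report = {}
    for channel in CHANNEL_RE.finditer(text):
        body, findings = channel.group("body"), []
        destination = FILE_RE.search(body)
        if destination:  # syslog, stderr and null channels are not files
            options = destination.group("options")
            has_versions = VERSIONS_RE.search(options) is not None
            has_size = SIZE_RE.search(options) is not None
            if has_size and not has_versions:
                findings.append(STOPS)
            if not has_size:
                findings.append(UNBOUNDED)
            if not PRINT_TIME_RE.search(body):
                findings.append(NO_TIME)
        report[channel.group("name")] = findings
    return report


def categories_at_risk(conf_text):
    """Categories routed to at least one channel that can stop writing."""
    stalled = {name for name, findings in audit_channels(conf_text).items()
               if STOPS in findings}
    text = COMMENT_RE.sub("", conf_text)
    risky = []
    for category in CATEGORY_RE.finditer(text):
        channels = {c.strip() for c in category.group("channels").split(";")
                    if c.strip()}
        if channels & stalled:
            risky.append(category.group("name"))
    return sorted(risky)


# The first channel is the one shown in this section; the rest is constructed.
SAMPLE_CONF = '''
logging {
    channel an_example_channel {            // from this section
        file "example.log" versions 3 size 20m;
        print-time yes;
        print-category yes;
    };
    channel capped_channel {                // constructed
        file "capped.log" size 5m;
    };
    channel syslog_channel {                // constructed
        syslog daemon;
        severity info;
    };
    category security { capped_channel; };
    category default { syslog_channel; an_example_channel; };
};
'''

if __name__ == "__main__":
    for name, findings in audit_channels(SAMPLE_CONF).items():
        print(name, findings or "OK")
    print("categories that can go silent:", categories_at_risk(SAMPLE_CONF))
```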
<p>
The <span><strong class="command">syslog</strong></span> destination clause
directs the
channel to the system log. Its argument is a
syslog facility as described in the <span><strong class="command">syslog</strong></span> man
page. Known facilities are <span><strong class="command">kern</strong></span>, <span><strong class="command">user</strong></span>,
<span><strong class="command">mail</strong></span>, <span><strong class="command">daemon</strong></span>, <span><strong class="command">auth</strong></span>,
<span><strong class="command">syslog</strong></span>, <span><strong class="command">lpr</strong></span>, <span><strong class="command">news</strong></span>,
<span><strong class="command">uucp</strong></span>, <span><strong class="command">cron</strong></span>, <span><strong class="command">authpriv</strong></span>,
<span><strong class="command">ftp</strong></span>, <span><strong class="command">local0</strong></span>, <span><strong class="command">local1</strong></span>,
<span><strong class="command">local2</strong></span>, <span><strong class="command">local3</strong></span>, <span><strong class="command">local4</strong></span>,
<span><strong class="command">local5</strong></span>, <span><strong class="command">local6</strong></span> and
<span><strong class="command">local7</strong></span>; however, not all facilities
are supported on
all operating systems.
How <span><strong class="command">syslog</strong></span> will handle messages
sent to
this facility is described in the <span><strong class="command">syslog.conf</strong></span> man
page. If you have a system which uses a very old version of <span><strong class="command">syslog</strong></span> that
only uses two arguments to the <span><strong class="command">openlog()</strong></span> function,
then this clause is silently ignored.
</p>
<p>
The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
"priorities", except that they can also be used if you are writing
straight to a file rather than using <span><strong class="command">syslog</strong></span>.
Messages which are not at least of the severity level given will
not be selected for the channel; messages of higher severity
levels
will be accepted.
</p>
<p>
If you are using <span><strong class="command">syslog</strong></span>, then the <span><strong class="command">syslog.conf</strong></span> priorities
will also determine what eventually passes through. For example,
defining a channel facility and severity as <span><strong class="command">daemon</strong></span> and <span><strong class="command">debug</strong></span> but
only logging <span><strong class="command">daemon.warning</strong></span> via <span><strong class="command">syslog.conf</strong></span> will
cause messages of severity <span><strong class="command">info</strong></span> and
<span><strong class="command">notice</strong></span> to
be dropped. If the situation were reversed, with <span><strong class="command">named</strong></span> writing
messages of only <span><strong class="command">warning</strong></span> or higher,
then <span><strong class="command">syslogd</strong></span> would
print all messages it received from the channel.
</p>
<p>
The <span><strong class="command">stderr</strong></span> destination clause
directs the
channel to the server's standard error stream. This is intended
for
use when the server is running as a foreground process, for
example
when debugging a configuration.
</p>
<p>
The server can supply extensive debugging information when
it is in debugging mode. If the server's global debug level is
greater
than zero, then debugging mode will be active. The global debug
level is set either by starting the <span><strong class="command">named</strong></span> server
with the <code class="option">-d</code> flag followed by a positive integer,
or by running <span><strong class="command">rndc trace</strong></span>.
The global debug level
can be set to zero, and debugging mode turned off, by running <span><strong class="command">rndc
notrace</strong></span>. All debugging messages in the server have a debug
level, and higher debug levels give more detailed output. Channels
that specify a specific debug severity, for example:
</p>
<pre class="programlisting">channel specific_debug_level {
    severity debug 3;
};
</pre>
<p>
will get debugging output of level 3 or less any time the
server is in debugging mode, regardless of the global debugging
level. Channels with <span><strong class="command">dynamic</strong></span>
severity use the
server's global debug level to determine what messages to print.
</p>
<p>
If <span><strong class="command">print-time</strong></span> has been turned on,
the date and time will be logged. <span><strong class="command">print-time</strong></span> may
be specified for a <span><strong class="command">syslog</strong></span> channel,
but is usually
pointless since <span><strong class="command">syslog</strong></span> also logs
the time. If <span><strong class="command">print-category</strong></span> is
requested, then the
category of the message will be logged as well. Finally, if <span><strong class="command">print-severity</strong></span> is
on, then the severity level of the message will be logged. The <span><strong class="command">print-</strong></span> options may
be used in any combination, and will always be printed in the
following
order: time, category, severity. Here is an example where all
three <span><strong class="command">print-</strong></span> options
are on:
</p>
<p>
<code class="computeroutput">28-Feb-2000 15:05:32.863 general: notice: running</code>
</p>
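<p>
Since the prefix fields are optional but always appear in the order time, category, severity, a log consumer has to know the channel's <span><strong class="command">print-</strong></span> settings to split a line reliably. The following Python parser is an added example, not part of BIND or of the original page; it is built from those settings and tested on the sample line above. The other sample lines and their message text are constructed, and the "debug N" form of a debug severity is an assumption.
</p>

```python
import re
from datetime import datetime

# Severities from the channel grammar, most severe first. "dynamic" is a
# channel setting, not a level that a message can carry.
SEVERITIES = ["critical", "error", "warning", "notice", "info", "debug"]
MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

TIME = (r"(?P<day>\d{2})-(?P<mon>[A-Z][a-z]{2})-(?P<year>\d{4}) "
        r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})\.(?P<ms>\d{3}) ")
CATEGORY = r"(?P<category>[a-z][a-z0-9-]*): "
# Assumption: a debug message shows its level as "debug N".
SEVERITY = r"(?P<severity>critical|error|warning|notice|info|debug(?: \d+)?): "


def build_parser(print_time=False, print_category=False, print_severity=False):
    """Return parse(line) for a channel with the given print- options."""
    pattern = "^"
    if print_time:
        pattern += TIME
    if print_category:
        pattern += CATEGORY
    if print_severity:
        pattern += SEVERITY
    regex = re.compile(pattern + r"(?P<message>.*)$")

    def parse(line):
        match = regex.match(line.rstrip("\r\n"))
        if match is None:
            return None  # line does not carry the configured prefix
        record = {"message": match.group("message")}
        if print_time:
            try:
                record["time"] = datetime(
                    int(match.group("year")), MONTHS.get(match.group("mon")),
                    int(match.group("day")), int(match.group("h")),
                    int(match.group("mi")), int(match.group("s")),
                    int(match.group("ms")) * 1000)
            except (TypeError, ValueError):
                return None  # unknown month name or impossible date
        if print_category:
            record["category"] = match.group("category")
        if print_severity:
            name, _, level = match.group("severity").partition(" ")
            record["severity"] = name
            record["debug_level"] = int(level) if level else None
        return record

    return parse


def parse_lines(lines, **print_options):
    """Split lines into (parsed records, lines that did not match)."""
    parse = build_parser(**print_options)
    parsed, rejected = [], []
    for line in lines:
        record = parse(line)
        if record is None:
            rejected.append(line)
        else:
            parsed.append(record)
    return parsed, rejected


def at_least(records, floor):
    """Keep records whose severity is floor or higher, like a severity clause."""
    limit = SEVERITIES.index(floor)
    return [r for r in records
            if r.get("severity") in SEVERITIES
            and SEVERITIES.index(r["severity"]) <= limit]


SAMPLE_LINES = [
    "28-Feb-2000 15:05:32.863 general: notice: running",  # from this section
    "28-Feb-2000 15:05:40.120 security: warning: constructed message A",
    "28-Feb-2000 15:06:01.004 security: info: constructed message B",
    "28-Feb-2000 15:06:02.500 general: debug 3: constructed message C",
    "constructed line with no prefix at all",
]

if __name__ == "__main__":
    records, rejected = parse_lines(SAMPLE_LINES, print_time=True,
                                    print_category=True, print_severity=True)
    for record in at_least(records, "warning"):
        print(record["time"].isoformat(), record["category"], record["message"])
    print("unparsed:", rejected)
```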
<p>
There are four predefined channels that are used for
<span><strong class="command">named</strong></span>'s default logging as follows.
How they are
used is described in <a href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called “The <span><strong class="command">category</strong></span> Phrase”</a>.
</p>
<pre class="programlisting">channel default_syslog {
    // send to syslog's daemon facility
    syslog daemon;
    // only send priority info and higher
    severity info;
};

channel default_debug {
    // write to named.run in the working directory
    // Note: stderr is used instead of "named.run" if
    // the server is started with the '-f' option.
    file "named.run";
    // log at the server's current debug level
    severity dynamic;
};

channel default_stderr {
    // writes to stderr
    stderr;
    // only send priority info and higher
    severity info;
};

channel null {
    // toss anything sent to this channel
    null;
};
</pre>
<p>
The <span><strong class="command">default_debug</strong></span> channel has the
property that it only produces output when the server's debug
level is
nonzero. It normally writes to a file called <code class="filename">named.run</code>
in the server's working directory.
</p>
<p>
For security reasons, when the "<code class="option">-u</code>"
command line option is used, the <code class="filename">named.run</code> file
is created only after <span><strong class="command">named</strong></span> has
changed to the
new UID, and any debug output generated while <span><strong class="command">named</strong></span> is
starting up and still running as root is discarded. If you need
to capture this output, you must run the server with the "<code class="option">-g</code>"
option and redirect standard error to a file.
</p>
<p>
Once a channel is defined, it cannot be redefined. Thus you
cannot alter the built-in channels directly, but you can modify
the default logging by pointing categories at channels you have
defined.
</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="the_category_phrase"></a>The <span><strong class="command">category</strong></span> Phrase</h4></div></div></div>
<p>
There are many categories, so you can send the logs you want
to see wherever you want, without seeing logs you don't want. If
you don't specify a list of channels for a category, then log
messages
in that category will be sent to the <span><strong class="command">default</strong></span> category
instead. If you don't specify a default category, the following
"default default" is used:
</p>
<pre class="programlisting">category default { default_syslog; default_debug; };
</pre>
<p>
As an example, let's say you want to log security events to
a file, but you also want to keep the default logging behavior. You'd
specify the following:
</p>
<pre class="programlisting">channel my_security_channel {
    file "my_security_file";
    severity info;
};
category security {
    my_security_channel;
    default_syslog;
    default_debug;
};
</pre>
<p>
To discard all messages in a category, specify the <span><strong class="command">null</strong></span> channel:
</p>
<pre class="programlisting">category xfer-out { null; };
category notify { null; };
</pre>
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater Following are the available categories and brief descriptions
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater of the types of log information they contain. More
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater categories may be added in future <acronym class="acronym">BIND</acronym> releases.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater<div class="informaltable"><table border="1">
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <p><span><strong class="command">default</strong></span></p>
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater The default category defines the logging
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater options for those categories where no specific
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater configuration has been
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater <p><span><strong class="command">general</strong></span></p>
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater The catch-all. Many things still aren't
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater classified into categories, and they all end up here.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <p><span><strong class="command">database</strong></span></p>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt Messages relating to the databases used
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater internally by the name server to store zone and cache
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater <p><span><strong class="command">security</strong></span></p>
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater Approval and denial of requests.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <p><span><strong class="command">config</strong></span></p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Configuration file parsing and processing.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <p><span><strong class="command">resolver</strong></span></p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews DNS resolution, such as the recursive
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lookups performed on behalf of clients by a caching name
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <p><span><strong class="command">xfer-in</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Zone transfers the server is receiving.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <p><span><strong class="command">xfer-out</strong></span></p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Zone transfers the server is sending.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">notify</strong></span></p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews The NOTIFY protocol.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">client</strong></span></p>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews Processing of client requests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">unmatched</strong></span></p>
6c68e68fc550c947100581eb7b5340b81c062c94Andreas Gustafsson Messages that <span><strong class="command">named</strong></span> was unable to determine the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews class of or for which there was no matching <span><strong class="command">view</strong></span>.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews A one line summary is also logged to the <span><strong class="command">client</strong></span> category.
5f7e0eb1cb917b788906d3e2aa01bfc4885dcae4Mark Andrews This category is best sent to a file or stderr; by
bf1263835e8e35421960f65088c043f42aacef13Mark Andrews default it is sent to
15ae68f3db8261770fc33b8e0f83f5d8c7021e84Mark Andrews the <span><strong class="command">null</strong></span> channel.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews <p><span><strong class="command">network</strong></span></p>
822df94949fc267ee9a9ab1a06c13f24522d3ac4Automatic Updater Network operations.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">update</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Dynamic updates.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">update-security</strong></span></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Approval and denial of update requests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">queries</strong></span></p>
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater Specify where queries should be logged to.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater At startup, specifying the category <span><strong class="command">queries</strong></span> will also
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater enable query logging unless <span><strong class="command">querylog</strong></span> option has been
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater The query log entry reports the client's IP
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater address and port number, and the query name,
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater class and type. Next it reports whether the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Recursion Desired flag was set (+ if set, -
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater if not set), if the query was signed (S),
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater EDNS was in use (E), if TCP was used (T), if
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater DO (DNSSEC Ok) was set (D), or if CD (Checking
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater Disabled) was set (C). After this the
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater destination address the query was sent to is
251d3066008b31dc3662414a7e469b10c33e8e18Automatic Updater <code class="computeroutput">client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</code>
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater <code class="computeroutput">client ::1#62537: query: www.example.net IN AAAA -SE</code>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <p><span><strong class="command">query-errors</strong></span></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Information about queries that resulted in some
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">dispatch</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Dispatching of incoming packets to the
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater server modules where they are to be processed.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <p><span><strong class="command">dnssec</strong></span></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater DNSSEC and TSIG protocol processing.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <p><span><strong class="command">lame-servers</strong></span></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Lame servers. These are misconfigurations
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in remote servers, discovered by BIND 9 when trying to
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater query those servers during resolution.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <p><span><strong class="command">delegation-only</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Delegation only. Logs queries that have been
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater forced to NXDOMAIN as the result of a
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater delegation-only zone or a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">delegation-only</strong></span> in a hint
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or stub zone declaration.
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater <p><span><strong class="command">edns-disabled</strong></span></p>
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater Log queries that have been forced to use plain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS due to timeouts. This is often due to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the remote servers not being RFC 1034 compliant
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews (not always returning FORMERR or similar to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater EDNS queries and other extensions to the DNS
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater when they are not understood). In other words, this is
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater targeted at servers that fail to respond to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS queries that they don't understand.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Note: the log message can also be due to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater packet loss. Before reporting servers for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater non-RFC 1034 compliance they should be re-tested
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to determine the nature of the non-compliance.
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater This testing should prevent or reduce the
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater number of false-positive reports.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Note: eventually <span><strong class="command">named</strong></span> will have to stop
b1dc6282fe2d34975c8cb0435b4583071b6d1158Automatic Updater treating such timeouts as due to RFC 1034
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater non-compliance and start treating them as plain
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater packet loss. Falsely classifying packet
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater loss as due to RFC 1034 non-compliance impacts
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater on DNSSEC validation which requires EDNS for
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater the DNSSEC records to be returned.
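The query log format described under the queries category above can be decoded mechanically. The following is an added example, not code from BIND or from this manual: the function names are hypothetical, and every sample line other than the two quoted from the manual is constructed.

```python
import re
from collections import Counter, defaultdict

# Flag letters as listed in the description of the "queries" category.
# The leading '+' or '-' is the Recursion Desired bit and is handled separately.
FLAGS = {
    "S": "signed",
    "E": "edns",
    "T": "tcp",
    "D": "dnssec_ok",
    "C": "checking_disabled",
}

# search() is used so that a timestamp or category prefix added by the
# logging channel does not prevent a match.
QUERY_RE = re.compile(
    r"client (?P<addr>[^\s#]+)#(?P<port>\d+): query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<rd>[+-])(?P<flags>[SETDC]*)(?P<rest>.*)$"
)


def parse_query(line):
    """Return a dict describing one query log line, or None if it is not one."""
    m = QUERY_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    rec = {
        "client": m["addr"],          # IPv4 or IPv6 text, split at the '#'
        "port": int(m["port"]),
        "qname": m["qname"],
        "qclass": m["qclass"],
        "qtype": m["qtype"],
        "recursion_desired": m["rd"] == "+",
        "rest": m["rest"].strip(),    # anything after the flags, kept verbatim
    }
    for letter, name in FLAGS.items():
        rec[name] = letter in m["flags"]
    return rec


def summarize(lines):
    """Tally queries, query types and flags per client address.

    Returns (per_client, skipped) where skipped counts lines that are not
    query log entries, so that format drift shows up instead of vanishing.
    """
    per_client = defaultdict(Counter)
    skipped = 0
    for line in lines:
        rec = parse_query(line)
        if rec is None:
            skipped += 1
            continue
        tally = per_client[rec["client"]]
        tally["queries"] += 1
        tally["qtype:" + rec["qtype"]] += 1
        for name in ["recursion_desired", *FLAGS.values()]:
            if rec[name]:
                tally[name] += 1
    return dict(per_client), skipped


SAMPLE = [
    # The two lines quoted in the manual.
    "client 127.0.0.1#62536: query: www.example.com IN AAAA +SE",
    "client ::1#62537: query: www.example.net IN AAAA -SE",
    # Constructed lines exercising the remaining flags.
    "client 192.0.2.10#40000: query: example.org IN DNSKEY +EDC",
    "client 192.0.2.10#40001: query: example.org IN SOA -T",
    # Not a query log entry: must be counted as skipped, not mis-parsed.
    "client 127.0.0.1#61502: query failed (SERVFAIL) for www.example.com/IN/AAAA at query.c:3880",
]

if __name__ == "__main__":
    clients, skipped = summarize(SAMPLE)
    for addr, tally in sorted(clients.items()):
        print(addr, dict(tally))
    print("skipped:", skipped)
```
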
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2576961"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater The <span><strong class="command">query-errors</strong></span> category is
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater specifically intended for debugging purposes: to identify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater why and how specific queries result in responses which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater indicate an error.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Messages of this category are therefore only logged
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with <span><strong class="command">debug</strong></span> levels.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At debug level 1 or higher, each response with the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rcode of SERVFAIL is logged as follows:
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater <code class="computeroutput">client 127.0.0.1#61502: query failed (SERVFAIL) for www.example.com/IN/AAAA at query.c:3880</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This means an error resulting in SERVFAIL was
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater detected at line 3880 of source file
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater Log messages of this level will particularly
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater help identify the cause of SERVFAIL for an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater authoritative server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At debug level 2 or higher, detailed context
59b277af9d9aac08d16be63aed5ae60ac9eef0d5Automatic Updater information of recursive resolutions that resulted in
59b277af9d9aac08d16be63aed5ae60ac9eef0d5Automatic Updater SERVFAIL is logged.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater The log message will look as follows:
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updaterfetch completed at resolver.c:2970 for www.example.com/A
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterin 30.000183: timed out/success [domain:example.com,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterreferral:2,restart:7,qrysent:8,timeout:5,lame:0,neterr:0,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterbadresp:1,adberr:0,findfail:0,valfail:0]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The first part before the colon shows that a recursive
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolution for AAAA records of www.example.com completed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in 30.000183 seconds and the final result that led to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater SERVFAIL was determined at line 2970 of source file
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following part shows the detected final result and the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater latest result of DNSSEC validation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The latter is always success when no validation attempt
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater In this example, this query resulted in SERVFAIL probably
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater because all name servers are down or unreachable, leading
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater to a timeout in 30 seconds.
1b670d35282f1b9352692ad212be3c0aa97b0689Automatic Updater DNSSEC validation was probably not attempted.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The last part enclosed in square brackets shows statistics
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater information collected for this particular resolution
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <code class="varname">domain</code> field shows the deepest zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that the resolver reached;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater it is the zone where the error was finally detected.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The meaning of the other fields is summarized in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater following table.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater <p><code class="varname">referral</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of referrals the resolver received
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater throughout the resolution process.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In the above example this is 2, which are most
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">restart</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of cycles that the resolver tried
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater remote servers at the <code class="varname">domain</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In each cycle the resolver sends one query
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (possibly resending it, depending on the response)
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater to each known name server of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <code class="varname">domain</code> zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">qrysent</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of queries the resolver sent at the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">timeout</code></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater The number of timeouts since the resolver
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater received the last response.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater The number of lame servers the resolver detected
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater at the <code class="varname">domain</code> zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A server is detected to be lame either by an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater invalid response or as a result of lookup in
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater BIND9's address database (ADB), where lame
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater servers are cached.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">neterr</code></p>
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater The number of erroneous results that the
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson resolver encountered in sending queries
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson at the <code class="varname">domain</code> zone.
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews One common case is that the remote server is
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater unreachable and the resolver receives an ICMP
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater unreachable error message.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">badresp</code></p>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater The number of unexpected responses (other than
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <code class="varname">lame</code>) to queries sent by the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater resolver at the <code class="varname">domain</code> zone.
3c5dffc581c882235485cf5eaf7cd6a5e07548bfAutomatic Updater <p><code class="varname">adberr</code></p>
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Failures in finding remote server addresses
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of the <code class="varname">domain</code> zone in the ADB.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater One common case of this is that the remote
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater server's name does not have any address records.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <p><code class="varname">findfail</code></p>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater Failures of resolving remote server addresses.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater This is the total number of failures throughout
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater the resolution process.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">valfail</code></p>
3c5dffc581c882235485cf5eaf7cd6a5e07548bfAutomatic Updater Failures of DNSSEC validation.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Validation failures are counted throughout
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the resolution process (not limited to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <code class="varname">domain</code> zone), but should
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only happen in <code class="varname">domain</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At debug level 3 or higher, the same messages
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater as those at debug level 1 are logged for errors
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater other than SERVFAIL.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Note that negative responses such as NXDOMAIN are not
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater regarded as errors here.
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater At debug level 4 or higher, the same messages
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater as those at debug level 2 are logged for errors
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater other than SERVFAIL.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Unlike the above case of level 3, messages are logged for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater negative responses.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater This is because any unexpected results can be difficult to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater debug in the recursion case.
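The two query-errors message shapes shown above, and the bracketed counters explained in the table, can be turned into a first-pass triage. The following is an added example, not code from BIND or from this manual: the function names and hint wording are hypothetical, the manual's wrapped fetch message is joined onto one line, and the third sample line is constructed.

```python
import re
from collections import Counter

# Debug level 1 shape: one line per response carrying an error rcode.
FAILED_RE = re.compile(
    r"client (?P<client>[^\s#]+)#(?P<port>\d+): query failed \((?P<rcode>\w+)\) "
    r"for (?P<qname>\S+)/(?P<qclass>\w+)/(?P<qtype>[\w-]+) "
    r"at (?P<src>[\w.]+):(?P<lineno>\d+)"
)

# Debug level 2 shape: final result / last validation result, then the
# statistics for this resolution in square brackets.
FETCH_RE = re.compile(
    r"fetch completed at (?P<src>[\w.]+):(?P<lineno>\d+) "
    r"for (?P<qname>\S+)/(?P<qtype>[\w-]+) in (?P<seconds>\d+\.\d+): "
    r"(?P<result>[^/\[]+)/(?P<validation>[^\[]+?)\s*\[(?P<stats>[^\]]*)\]"
)

# Short reading of each counter, paraphrasing the table above.
HINTS = {
    "timeout": "timeouts since the last response was received",
    "lame": "lame servers at the domain zone (invalid response or cached in the ADB)",
    "neterr": "errors while sending queries, e.g. ICMP unreachable",
    "badresp": "unexpected responses other than lame",
    "adberr": "server addresses not found in the ADB, e.g. no address records",
    "findfail": "failures resolving remote server addresses",
    "valfail": "DNSSEC validation failures",
}


def parse_failed(line):
    """Parse a 'query failed (RCODE) for name/class/type at file:line' message."""
    m = FAILED_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["lineno"] = int(rec["lineno"])
    return rec


def parse_fetch(line):
    """Parse a 'fetch completed' message, including its bracketed counters."""
    m = FETCH_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["lineno"] = int(rec["lineno"])
    rec["seconds"] = float(rec["seconds"])
    stats = {}
    for item in rec.pop("stats").split(","):
        key, sep, value = item.strip().partition(":")
        if not sep:
            continue                      # tolerate stray or wrapped fragments
        if key == "domain":
            stats[key] = value            # deepest zone the resolver reached
        elif value.isdigit():
            stats[key] = int(value)
    rec["stats"] = stats
    return rec


def triage(rec):
    """Return (counter, count, hint) for every non-zero failure counter."""
    stats = rec["stats"]
    return [(k, stats[k], hint) for k, hint in HINTS.items() if stats.get(k, 0) > 0]


def failures_by_zone(lines):
    """Count failed fetches per 'domain' field to show where errors cluster."""
    zones = Counter()
    for line in lines:
        rec = parse_fetch(line)
        if rec is not None:
            zones[rec["stats"].get("domain", "?")] += 1
    return zones


SAMPLE = [
    # Quoted from the manual.
    "client 127.0.0.1#61502: query failed (SERVFAIL) for www.example.com/IN/AAAA at query.c:3880",
    # Quoted from the manual, with its wrapped lines joined.
    "fetch completed at resolver.c:2970 for www.example.com/A in 30.000183: timed out/success "
    "[domain:example.com,referral:2,restart:7,qrysent:8,timeout:5,lame:0,neterr:0,"
    "badresp:1,adberr:0,findfail:0,valfail:0]",
    # Constructed line with different counters.
    "fetch completed at resolver.c:2970 for mail.example.net/MX in 30.000201: timed out/success "
    "[domain:example.net,referral:1,restart:3,qrysent:6,timeout:0,lame:2,neterr:3,"
    "badresp:0,adberr:0,findfail:0,valfail:0]",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_fetch(line)
        if rec is None:
            continue
        print(rec["qname"], rec["qtype"], rec["result"], "zone:", rec["stats"]["domain"])
        for name, count, hint in triage(rec):
            print(f"  {name}={count}: {hint}")
    print(dict(failures_by_zone(SAMPLE)))
```
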
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577480"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater This is the grammar of the <span><strong class="command">lwres</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement in the <code class="filename">named.conf</code> file:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater [<span class="optional"> listen-on { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
78bc8fdc2488c92d7228e8de19827e2c114c56caAutomatic Updater [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> view <em class="replaceable"><code>view_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> search { <em class="replaceable"><code>domain_name</code></em> ; [<span class="optional"> <em class="replaceable"><code>domain_name</code></em> ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> ndots <em class="replaceable"><code>number</code></em>; </span>]
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater<div class="titlepage"><div><div><h3 class="title">
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<a name="id2577554"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">lwres</strong></span> statement configures the
e705db6d5d886dc14f4a75a2046a075c0750e7eeAutomatic Updater server to also act as a lightweight resolver server. (See
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>.) There may be multiple
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">lwres</strong></span> statements configuring
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lightweight resolver servers with different properties.
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater The <span><strong class="command">listen-on</strong></span> statement specifies a
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater addresses (and ports) that this instance of a lightweight resolver
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater should accept requests on. If no port is specified, port 921 is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If this statement is omitted, requests will be accepted on
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater The <span><strong class="command">view</strong></span> statement binds this
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lightweight resolver daemon to a view in the DNS namespace, so that
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater response will be constructed in the same manner as a normal DNS
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater matching this view. If this statement is omitted, the default view
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater used, and if there is no default view, an error is triggered.
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater The <span><strong class="command">search</strong></span> statement is equivalent to
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater <span><strong class="command">search</strong></span> statement in
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <code class="filename">/etc/resolv.conf</code>. It provides a
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater list of domains
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater which are appended to relative names in queries.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater The <span><strong class="command">ndots</strong></span> statement is equivalent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">ndots</strong></span> statement in
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater <code class="filename">/etc/resolv.conf</code>. It indicates the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington number of dots in a relative domain name that should result in an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater exact match lookup before search path elements are appended.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<div class="titlepage"><div><div><h3 class="title">
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<a name="id2577686"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577730"></a><span><strong class="command">masters</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p><span><strong class="command">masters</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lists allow for a common set of masters to be easily used by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater multiple stub and slave zones.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577745"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater This is the grammar of the <span><strong class="command">options</strong></span>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater statement in the <code class="filename">named.conf</code> file:
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<pre class="programlisting"><span><strong class="command">options</strong></span> {
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> attach-cache <em class="replaceable"><code>cache_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
788778633d6d67dee01b68a5827f8e655f2c276bMark Andrews [<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
6ceb29d4d4d6f639e50317fa6015806e80aa422aAutomatic Updater [<span class="optional"> directory <em class="replaceable"><code>path_name</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> named-xfer <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-gssapi-credential <em class="replaceable"><code>principal</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> tkey-domain <em class="replaceable"><code>domainname</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-dhkey <em class="replaceable"><code>key_name</code></em> <em class="replaceable"><code>key_tag</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> cache-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dump-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> bindkeys-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> memstatistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> memstatistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> pid-file <em class="replaceable"><code>path_name</code></em>; </span>]
9d330c054e02f52cefd8dc0e71550b0fe07e077eAutomatic Updater [<span class="optional"> recursing-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> statistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> auth-nxdomain <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> deallocate-on-exit <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> fake-iquery <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> fetch-glue <em class="replaceable"><code>yes_or_no</code></em>; </span>]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater [<span class="optional"> flush-zones-on-shutdown <em class="replaceable"><code>yes_or_no</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> has-old-clients <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> host-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater [<span class="optional"> host-statistics-max <em class="replaceable"><code>number</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> minimal-responses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> recursion <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> ixfr-from-differences (<em class="replaceable"><code>yes_or_no</code></em> | <code class="constant">master</code> | <code class="constant">slave</code>); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-enable <em class="replaceable"><code>yes_or_no</code></em>; </span>]
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater [<span class="optional"> dnssec-validation <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-must-be-secure <em class="replaceable"><code>domain yes_or_no</code></em>; </span>]
83a97deac2c474a2e8fd60326135236fe267069cAutomatic Updater [<span class="optional"> dnssec-accept-expired <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> forward ( <em class="replaceable"><code>only</code></em> | <em class="replaceable"><code>first</code></em> ); </span>]
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews [<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater [<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] |
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ) ;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ... }; </span>]
9870509cb161e9c8d809ea2db41d371317ba2a35Automatic Updater [<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater [<span class="optional"> check-mx ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em>; </span>]
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater [<span class="optional"> check-mx-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-srv-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater [<span class="optional"> check-sibling <em class="replaceable"><code>yes_or_no</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-cache { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> allow-query-cache-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-recursion { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-recursion-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater [<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater [<span class="optional"> dnskey-ksk-only <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ;</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater [<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater [<span class="optional"> use-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater [<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater [<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce0fd07045292942bfa3e755d9ce596941528a63Automatic Updater [<span class="optional"> query-source ( ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> )
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> tcp-clients <em class="replaceable"><code>number</code></em>; </span>]
6a6965084d061016f7ba44637c7c50e096cac36aAutomatic Updater [<span class="optional"> reserved-sockets <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> tcp-listen-queue <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em>; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> transfers-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfers-out <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfers-per-ns <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater [<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
6f046a065e5543f8cd7e2f24991c65d2372f4c8dMark Andrews [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> notify-delay <em class="replaceable"><code>seconds</code></em> ; </span>]
0c42fc3acc95ea284cf1bfdf6869d1836756ebb9Automatic Updater [<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em>; </span>]
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater [<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> coresize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> datasize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> files <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> stacksize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater [<span class="optional"> heartbeat-interval <em class="replaceable"><code>number</code></em>; </span>]
78bc8fdc2488c92d7228e8de19827e2c114c56caAutomatic Updater [<span class="optional"> interface-interval <em class="replaceable"><code>number</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> statistics-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> topology { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sortlist { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater [<span class="optional"> rrset-order { <em class="replaceable"><code>order_spec</code></em> ; [<span class="optional"> <em class="replaceable"><code>order_spec</code></em> ; ... </span>] }; </span>]
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater [<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater [<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> min-roots <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
e705db6d5d886dc14f4a75a2046a075c0750e7eeAutomatic Updater [<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater [<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> treat-cr-as-space <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em>; </span>]
f0ecd0e64ffa2a8afef95d81275d46a845f15402Automatic Updater [<span class="optional"> additional-from-auth <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
00be0f9f61d4c6bf197d000bfa1a6b7e70ea0866Automatic Updater [<span class="optional"> additional-from-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> random-device <em class="replaceable"><code>path_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> match-mapped-addresses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> filter-aaaa-on-v4 ( <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>break-dnssec</code></em> ); </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> preferred-glue ( <em class="replaceable"><code>A</code></em> | <em class="replaceable"><code>AAAA</code></em> | <em class="replaceable"><code>NONE</code></em> ); </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> edns-udp-size <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> max-udp-size <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>namelist</code></em> } </span>] ; </span>]
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater [<span class="optional"> querylog <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> disable-algorithms <em class="replaceable"><code>domain</code></em> { <em class="replaceable"><code>algorithm</code></em>;
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> <em class="replaceable"><code>algorithm</code></em>; </span>] }; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> acache-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> acache-cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> max-acache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater [<span class="optional"> max-clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington [<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-server <em class="replaceable"><code>name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-contact <em class="replaceable"><code>name</code></em> ; </span>]
822df94949fc267ee9a9ab1a06c13f24522d3ac4Automatic Updater [<span class="optional"> empty-zones-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> disable-empty-zone <em class="replaceable"><code>zone_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zero-no-soa-ttl-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [<span class="optional"> deny-answer-addresses { <em class="replaceable"><code>address_match_list</code></em> } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> deny-answer-aliases { <em class="replaceable"><code>namelist</code></em> } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="options"></a><span><strong class="command">options</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">options</strong></span> statement sets up global
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to be used by <acronym class="acronym">BIND</acronym>. This statement
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may appear only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater once in a configuration file. If there is no <span><strong class="command">options</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement, an options block with each option set to its default will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">attach-cache</strong></span></span></dt>
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater Allows multiple views to share a single cache
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Each view has its own cache database by default, but
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson if multiple views have the same operational policy
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews for name resolution and caching, those views can
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater share a single cache to save memory and possibly
be7f27304337afbf078e8bd8db0f951a33abe33bAndreas Gustafsson improve resolution efficiency by using this option.
822df94949fc267ee9a9ab1a06c13f24522d3ac4Automatic Updater The <span><strong class="command">attach-cache</strong></span> option
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington may also be specified in <span><strong class="command">view</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements, in which case it overrides the
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington global <span><strong class="command">attach-cache</strong></span> option.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <em class="replaceable"><code>cache_name</code></em> specifies
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater the cache to be shared.
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater When the <span><strong class="command">named</strong></span> server configures
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater views which are supposed to share a cache, it
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater creates a cache with the specified name for the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater first view of these sharing views.
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater The rest of the views will simply refer to the
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater already created cache.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews One common configuration to share a cache would be to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews allow all views to share a single cache.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson This can be done by specifying
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater the <span><strong class="command">attach-cache</strong></span> as a global
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater option with an arbitrary name.
822df94949fc267ee9a9ab1a06c13f24522d3ac4Automatic Updater Another possible operation is to allow a subset of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater all views to share a cache while the others
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater retain their own caches.
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater For example, if there are three views A, B, and C,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and only A and B should share a cache, specify the
a9638b6e8997c3c96a23a7df973aa126061ff34fAutomatic Updater <span><strong class="command">attach-cache</strong></span> option as an option of view A (or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater B), referring to the other view's name:
<pre class="programlisting">
  view "A" {
    // this view has its own cache
  };
  view "B" {
    // this view refers to A's cache
    attach-cache "A";
  };
  view "C" {
    // this view has its own cache
  };
</pre>
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater Views that share a cache must have the same policy
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater on configurable parameters that may affect caching.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The current implementation requires the following
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configurable options be consistent among these
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">check-names</strong></span>,
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater <span><strong class="command">cleaning-interval</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dnssec-accept-expired</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dnssec-validation</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">max-cache-ttl</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">max-ncache-ttl</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">max-cache-size</strong></span>, and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">zero-no-soa-ttl</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that there may be other parameters that may
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington cause confusion if they are inconsistent for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater different views that share a single cache.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews For example, if these views define different sets of
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews forwarders that can return different answers for the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews same question, sharing the answer does not make
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews sense or could even be harmful.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews It is the administrator's responsibility to ensure
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews configuration differences in different views do
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews not cause disruption with a shared cache.
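The consistency rule for shared caches can be checked mechanically before a configuration is deployed. The Python below is an added example, not part of BIND or of the original manual: it parses a constructed, trimmed <code>named.conf</code>, works out which cache each view ends up using, and compares the options listed above (plus <code>forwarders</code> and <code>forward</code> as advisory checks) across the views of each shared cache. It assumes a simplified grammar and does not know BIND's built-in defaults, so an explicit value in one view and no value in another is reported as a mismatch.

```python
import re
from collections import defaultdict

# Options the page says must be consistent among views sharing one cache.
CACHE_SENSITIVE = (
    "check-names", "cleaning-interval", "dnssec-accept-expired",
    "dnssec-validation", "max-cache-ttl", "max-ncache-ttl",
    "max-cache-size", "zero-no-soa-ttl",
)
# The page's example of another setting that can make sharing harmful.
ADVISORY = ("forwarders", "forward")
# Comments, quoted strings, punctuation, bare words (strings win over comments).
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)

# Constructed sample, trimmed to the statements that matter for this check.
SAMPLE = '''
options { max-cache-ttl 86400; };
view "A" {                      // this view has its own cache
    dnssec-validation yes;
    forwarders { 192.0.2.1; };
};
view "B" {                      // this view refers to A's cache
    attach-cache "A";
    dnssec-validation no;
    max-cache-ttl 3600;
    forwarders { 192.0.2.53; };
};
view "C" { dnssec-validation no; };   // this view has its own cache
'''

def tokenize(text):
    """Split into words, quoted strings and { } ; while dropping comments."""
    return [t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#"))]

def parse(tokens, pos=0, depth=0):
    """Return (statements, next_pos); a statement is (words, block_or_None)."""
    stmts, words, block = [], [], None
    while pos < len(tokens):
        tok, pos = tokens[pos], pos + 1
        if tok == "{":
            block, pos = parse(tokens, pos, depth + 1)
        elif tok == "}":
            if depth == 0:
                raise ValueError("unbalanced '}'")
            return stmts, pos
        elif tok == ";":
            if words or block is not None:
                stmts.append((words, block))
            words, block = [], None
        else:
            words.append(tok.strip('"'))
    if depth:
        raise ValueError("missing '}'")
    return stmts, pos

def canon(words, block):
    """Hashable, order-insensitive form of one statement's arguments."""
    inner = None if block is None else tuple(
        sorted((canon(w, b) for w, b in block), key=repr))
    return (tuple(words), inner)

def settings(stmts):
    """Map option name -> frozenset of values set for it in one block."""
    out = defaultdict(set)
    for words, block in stmts:
        if words:
            out[words[0]].add(canon(words[1:], block))
    return {k: frozenset(v) for k, v in out.items()}

def show(value):
    """Readable form of a canonical option value for the report."""
    def one(words, inner):
        body = "" if inner is None else " { " + " ".join(one(*i) + ";" for i in inner) + " }"
        return (" ".join(words) + body).strip()
    return "(unset)" if value is None else ", ".join(sorted(one(*v) for v in value))

def audit(conf):
    """Return ({cache: [views]}, [(severity, cache, option, {view: value})])."""
    opts, views = {}, {}
    for words, block in parse(tokenize(conf))[0]:
        if words[:1] == ["options"]:
            opts = settings(block or [])
        elif words[:1] == ["view"] and len(words) > 1:
            views[words[1]] = settings(block or [])
    groups = defaultdict(list)
    for view in views:
        # A view-level attach-cache overrides the global one; otherwise the
        # view keeps a cache of its own, which other views refer to by view name.
        attach = views[view].get("attach-cache", opts.get("attach-cache"))
        groups[next(iter(attach))[0][0] if attach else view].append(view)
    problems = []
    for cache, members in groups.items():
        if len(members) < 2:
            continue
        for severity, names in (("error", CACHE_SENSITIVE), ("warning", ADVISORY)):
            for name in names:
                seen = {v: views[v].get(name, opts.get(name)) for v in members}
                if len(set(seen.values())) > 1:
                    problems.append((severity, cache, name,
                                     {v: show(x) for v, x in seen.items()}))
    return dict(groups), problems

if __name__ == "__main__":
    groups, problems = audit(SAMPLE)
    print(groups)
    for severity, cache, option, values in problems:
        print(f"{severity}: cache {cache!r}: {option} differs: {values}")
```

On the sample, views A and B share cache "A" but disagree on <code>dnssec-validation</code> and <code>max-cache-ttl</code>, and their differing forwarders are reported as a warning.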
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">directory</strong></span></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews The working directory of the server.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Any non-absolute pathnames in the configuration file will be
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews as relative to this directory. The default location for most
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews output files (e.g. <code class="filename">named.run</code>)
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews is this directory.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews If a directory is not specified, the working directory
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews defaults to `<code class="filename">.</code>', the directory from
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews which the server
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews was started. The directory specified should be an absolute
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews When performing dynamic update of secure zones, the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews directory where the public and private DNSSEC key files
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews should be found, if different than the current working
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews directory. (Note that this option has no effect on the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews paths for files containing non-DNSSEC keys such as
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews <span class="emphasis"><em>This option is obsolete.</em></span> It
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews was used in <acronym class="acronym">BIND</acronym> 8 to specify
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews the pathname to the <span><strong class="command">named-xfer</strong></span>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews program. In <acronym class="acronym">BIND</acronym> 9, no separate
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span><strong class="command">named-xfer</strong></span> program is needed;
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews its functionality is built into the name server.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">tkey-gssapi-credential</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews The security credential with which the server should
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews authenticate keys requested by the GSS-TSIG protocol.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Currently only Kerberos 5 authentication is available
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews and the credential is a Kerberos principal which
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews the server can acquire through the default system
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key file, normally <code class="filename">/etc/krb5.keytab</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Normally this principal is of the form
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "<strong class="userinput"><code>dns/</code></strong><code class="varname">server.domain</code>".
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater To use GSS-TSIG, <span><strong class="command">tkey-domain</strong></span>
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson must also be set.
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson<dt><span class="term"><span><strong class="command">tkey-domain</strong></span></span></dt>
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson The domain appended to the names of all shared keys
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater generated with <span><strong class="command">TKEY</strong></span>. When a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater client requests a <span><strong class="command">TKEY</strong></span> exchange,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater it may or may not specify the desired name for the
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson key. If present, the name of the shared key will
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater be <code class="varname">client specified part</code> +
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="varname">tkey-domain</code>. Otherwise, the
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson name of the shared key will be <code class="varname">random hex
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater digits</code> + <code class="varname">tkey-domain</code>.
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson In most cases, the <span><strong class="command">domainname</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater should be the server's domain name, or an otherwise
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater non-existent subdomain like
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "_tkey.<code class="varname">domainname</code>". If you are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using GSS-TSIG, this variable must be defined.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="term"><span><strong class="command">tkey-dhkey</strong></span></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson The Diffie-Hellman key used by the server
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater to generate shared keys with clients using the Diffie-Hellman
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater mode of <span><strong class="command">TKEY</strong></span>. The server must be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater able to load the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington public and private keys from files in the working directory.
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews In most cases, the keyname should be the server's host name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">cache-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is for testing only. Do not use.
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater<dt><span class="term"><span><strong class="command">dump-file</strong></span></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson The pathname of the file the server dumps
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson the database to when instructed to do so with
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews <span><strong class="command">rndc dumpdb</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named_dump.db</code>.
2fd97723b2ec7fc1975672780ab0c1c9a8c369d6Automatic Updater<dt><span class="term"><span><strong class="command">memstatistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server writes memory
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater usage statistics to on exit. If not specified,
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews the default is <code class="filename">named.memstats</code>.
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson<dt><span class="term"><span><strong class="command">pid-file</strong></span></span></dt>
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater The pathname of the file the server writes its process ID
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews in. If not specified, the default is
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater <code class="filename">/var/run/named/named.pid</code>.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater The PID file is used by programs that want to send signals to
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater the name server. Specifying <span><strong class="command">pid-file none</strong></span> disables the
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater use of a PID file — no file will be written and any
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater existing one will be removed. Note that <span><strong class="command">none</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is a keyword, not a filename, and therefore is not enclosed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in double quotes.
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater<dt><span class="term"><span><strong class="command">recursing-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server dumps
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the queries that are currently recursing when instructed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to do so with <span><strong class="command">rndc recursing</strong></span>.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater If not specified, the default is <code class="filename">named.recursing</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">statistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server appends statistics
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to when instructed to do so using <span><strong class="command">rndc stats</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named.stats</code> in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's current directory. The format of the file is
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater described in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="term"><span><strong class="command">bindkeys-file</strong></span></span></dt>
f9a89df8bd3cf6ae1a292dd6b122b4cf7d760314Automatic Updater The pathname of a file to override the built-in trusted
63d98873e29dee9608c27f40613cb69d130a56e7Mark Andrews keys provided by <span><strong class="command">named</strong></span>.
e2caa7536302de34de6cc04025abcd53dc3a499aAutomatic Updater See the discussion of <span><strong class="command">dnssec-lookaside</strong></span>
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews for details. If not specified, the default is
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater <code class="filename">/etc/bind.keys</code>.
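An added example, not part of the BIND documentation or ISC's code: a Python check over a named.conf options block that applies the rules stated in the entries above (GSS-TSIG needs tkey-domain as well as tkey-gssapi-credential, none in pid-file is an unquoted keyword, cache-file is for testing only, named-xfer is obsolete, and relative pathnames and the listed default file names resolve against directory). The parser is a simplification that reads only simple "keyword value;" statements, and both sample configurations are constructed.

```python
import posixpath
import re

# Defaults quoted in the entries above; relative ones resolve against "directory".
PATH_DEFAULTS = {
    "dump-file": "named_dump.db",
    "memstatistics-file": "named.memstats",
    "recursing-file": "named.recursing",
    "statistics-file": "named.stats",
    "pid-file": "/var/run/named/named.pid",
    "bindkeys-file": "/etc/bind.keys",
}

TOKEN = re.compile(r'''
    /\*.*?\*/ | //[^\n]* | \#[^\n]*   # comments: no named group, so skipped
  | "(?P<q>[^"]*)"                    # quoted string
  | (?P<p>[{};])                      # punctuation
  | (?P<w>[^\s{};"]+)                 # bare word
''', re.S | re.X)


def tokenize(text):
    for m in TOKEN.finditer(text):
        if m.lastgroup:
            yield m.lastgroup, m.group(m.lastgroup)


def parse_options(text):
    """Return {keyword: (value, was_quoted)} for simple statements in options { }."""
    toks = list(tokenize(text))
    i = 0
    while i < len(toks) - 1 and not (toks[i] == ("w", "options") and toks[i + 1] == ("p", "{")):
        i += 1
    i += 2
    opts, stmt, depth = {}, [], 0
    while i < len(toks):
        kind, val = toks[i]
        i += 1
        if (kind, val) == ("p", "{"):
            depth += 1                      # nested block such as listen-on { ... }
        elif (kind, val) == ("p", "}"):
            if depth == 0:
                break                       # end of the options block
            depth -= 1
        elif (kind, val) == ("p", ";"):
            if depth == 0:
                if len(stmt) == 2:          # keep only "keyword value;" statements
                    opts[stmt[0][1]] = (stmt[1][1], stmt[1][0] == "q")
                stmt = []
        elif depth == 0:
            stmt.append((kind, val))
    return opts


def effective_paths(opts):
    """Where each output file lands; None means pid-file is disabled."""
    workdir = opts.get("directory", (".", True))[0]
    paths = {}
    for key, default in PATH_DEFAULTS.items():
        value, quoted = opts.get(key, (default, True))
        if key == "pid-file" and value == "none" and not quoted:
            paths[key] = None
        else:
            paths[key] = posixpath.normpath(posixpath.join(workdir, value))
    return paths


def audit(conf_text):
    """Return a list of (option, message) findings."""
    opts = parse_options(conf_text)
    findings = []
    if not posixpath.isabs(opts.get("directory", (".", True))[0]):
        findings.append(("directory", "unset or relative: files land relative to "
                         "the directory named was started from"))
    if "tkey-gssapi-credential" in opts and "tkey-domain" not in opts:
        findings.append(("tkey-domain", "must be set when GSS-TSIG is used"))
    if opts.get("pid-file") == ("none", True):
        findings.append(("pid-file", 'quoted "none" reads as a filename, not the keyword'))
    if "cache-file" in opts:
        findings.append(("cache-file", "for testing only"))
    if "named-xfer" in opts:
        findings.append(("named-xfer", "obsolete BIND 8 option"))
    return findings


# Constructed sample configurations (not from the BIND distribution).
SAMPLE_CONF = '''
options {
    // constructed sample
    tkey-gssapi-credential "dns/ns1.example.com";
    pid-file "none";
    dump-file "data/cache_dump.db";
    cache-file "cache.db";
    listen-on { any; };
};
'''
FIXED_CONF = '''
options {
    directory "/var/named";
    tkey-gssapi-credential "dns/ns1.example.com";
    tkey-domain "example.com";
    pid-file none;
    dump-file "data/cache_dump.db";
};
'''

if __name__ == "__main__":
    for option, message in audit(SAMPLE_CONF):
        print(f"{option}: {message}")
    print(effective_paths(parse_options(FIXED_CONF)))
```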
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">session-keyfile</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file into which to write a TSIG
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater session key generated by <span><strong class="command">named</strong></span> for use by
(See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>, and in
<a name="root_delegation_only"></a><span class="term"><span><strong class="command">root-delegation-only</strong></span></span>
Note some TLDs are not delegation only (e.g. "DE", "LV",
<dt><span class="term"><span><strong class="command">dnssec-must-be-secure</strong></span></span></dt>
If <strong class="userinput"><code>yes</code></strong>, then the <span><strong class="command">AA</strong></span> bit
for memory leaks on exit. <acronym class="acronym">BIND</acronym> 9 ignores the option and always performs
happens in a short interval, once every <span><strong class="command">heartbeat-interval</strong></span> and
<span><strong class="command">notify</strong></span> and <span><strong class="command">also-notify</strong></span>.
<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
<span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
in <acronym class="acronym">BIND</acronym> 8, and is ignored by <acronym class="acronym">BIND</acronym> 9.
<span><strong class="command">has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
the two separate options <span><strong class="command">auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
and <span><strong class="command">rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
kept for Incremental Zone Transfer. <acronym class="acronym">BIND</acronym> 9 maintains a transaction
transfers, use <span><strong class="command">provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
and additional data sections when they are required (e.g.
changes, see <a href="Bv9ARM.ch04.html#notify" title="Notify">the section called “Notify”</a>. The messages are
in which case it overrides the <span><strong class="command">options notify</strong></span> statement.
also <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called “Incremental Zone Transfers (IXFR)”</a>.
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
the server treat carriage return ("<span><strong class="command">\r</strong></span>") characters the same way
on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span><strong class="command">\n</strong></span>"
<span class="term"><span><strong class="command">additional-from-auth</strong></span>, </span><span class="term"><span><strong class="command">additional-from-cache</strong></span></span>
For example, if a query asks for an MX record for host <code class="literal">foo.example.com</code>,
if known, even though they are not in the example.com zone.
<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
When <strong class="userinput"><code>yes</code></strong> and the server loads a new version of a master
addresses refer to different machines. If <strong class="userinput"><code>yes</code></strong>, <span><strong class="command">named</strong></span> will
when the serial number on the master is less than what <span><strong class="command">named</strong></span>
Enable DNSSEC support in <span><strong class="command">named</strong></span>. Unless set to <strong class="userinput"><code>yes</code></strong>,
<dt><span class="term"><span><strong class="command">dnssec-accept-expired</strong></span></span></dt>
Specify whether query logging should be started when <span><strong class="command">named</strong></span>
is determined by the presence of the logging category <span><strong class="command">queries</strong></span>.
<span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>.
<dt><span class="term"><span><strong class="command">zero-no-soa-ttl-cache</strong></span></span></dt>
stacked, then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
of the requesting system. See <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a> for
<dt><span class="term"><span><strong class="command">allow-query-cache-on</strong></span></span></dt>
<a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for details.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
access control to attacks; see <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a>
receive zone transfers from the server. <span><strong class="command">allow-transfer</strong></span> may
case it overrides the <span><strong class="command">options allow-transfer</strong></span> statement.
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
unless <span><strong class="command">-6</strong></span> is specified when <span><strong class="command">named</strong></span> is
<span><strong class="command">named</strong></span> will listen on port 53 on all IPv6 interfaces by default.
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> (asterisk) or is omitted,
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
<dt><span class="term"><span><strong class="command">queryport-pool-ports</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">queryport-pool-updateinterval</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
the load on the remote name server. <span><strong class="command">transfers-per-ns</strong></span> may
be overridden on a per-server basis by using the <span><strong class="command">transfers</strong></span> phrase
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
See <a href="Bv9ARM.ch06.html#query_address" title="Query Address">the section called “Query Address”</a> about how the
to prevent <span><strong class="command">named</strong></span> from choosing as its random source port a
of <span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.
(see <a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file
<dt><span class="term"><span><strong class="command">host-statistics-max</strong></span></span></dt>
interfaces <span><strong class="command">named</strong></span> listens on, <span><strong class="command">tcp-clients</strong></span> as well as
<dt><span class="term"><span><strong class="command">statistics-interval</strong></span></span></dt>
topologically closest to itself. The <span><strong class="command">topology</strong></span> statement
<a name="the_sortlist_statement"></a>The <span><strong class="command">sortlist</strong></span> Statement</h4></div></div></div>
statement in <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>).
does (<a href="Bv9ARM.ch06.html#topology" title="Topology">the section called “Topology”</a>).
an IP prefix, an ACL name or a nested <span><strong class="command">address_match_list</strong></span>)
to the behavior of the address sort in <acronym class="acronym">BIND</acronym> 4.9.x. Responses sent
<a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a>.
If no name is specified, the default is "<span><strong class="command">*</strong></span>" (asterisk).
class IN type A name "host.example.com" order random;
<span><strong class="command">max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
result of dynamic updates (<a href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called “Dynamic Update”</a>) will expire. There
<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
<a href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called “Additional File Formats”</a>).
<a name="clients-per-query"></a><span class="term"><span><strong class="command">clients-per-query</strong></span>, </span><span class="term"><span><strong class="command">max-clients-per-query</strong></span></span>
before dropping additional clients. <span><strong class="command">named</strong></span> will attempt to
If the number of queries exceed this value, <span><strong class="command">named</strong></span> will
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called “<span><strong class="command">view</strong></span> Statement Grammar”</a>) of
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
<span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
Specifying <span><strong class="command">server-id hostname;</strong></span> will cause <span><strong class="command">named</strong></span> to
The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
<dt><span class="term"><span><strong class="command">acache-cleaning-interval</strong></span></span></dt>
name (i.e., the CNAME alias or the substituted query name
for example, even if "example.com" is specified for
returned by an "example.com" server will be accepted.
For example, if you own a domain named "example.net" and
deny-answer-aliases { "example.net"; };
network look up an IPv4 address of "attacker.example.com",
internal web server "www.example.net" and the
it will be accepted since the owner name "www.example.net"
"example.net".
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">server</strong></span> <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em> ; ]</span>]
[<span class="optional"> keys <em class="replaceable"><code>{ string ; [<span class="optional"> string ; [<span class="optional">...</span>]</span>] }</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> query-source [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
<a name="server_statement_definition_and_usage"></a><span><strong class="command">server</strong></span> Statement Definition and
value of <span><strong class="command">bogus</strong></span> is <span><strong class="command">no</strong></span>.
that is advertised by <span><strong class="command">named</strong></span> when querying the remote server.
The server supports two zone transfer methods. The first, <span><strong class="command">one-answer</strong></span>,
uses one DNS message per resource record transferred. <span><strong class="command">many-answers</strong></span> packs
as many resource records as possible into a message. <span><strong class="command">many-answers</strong></span> is
more efficient, but is only known to be understood by <acronym class="acronym">BIND</acronym> 9, <acronym class="acronym">BIND</acronym>
<span><strong class="command">key_id</strong></span> defined by the <span><strong class="command">key</strong></span> statement,
to be used for transaction security (TSIG, <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
<a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<a name="statschannels"></a><span><strong class="command">statistics-channels</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2587892"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
<a name="id2588046"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2588166"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
DNSSEC security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called “DNSSEC”</a>. A security root is defined when the
<a name="id2588213"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2588264"></a><span><strong class="command">managed-keys</strong></span> Statement Definition
set to <strong class="userinput"><code>auto</code></strong>, <span><strong class="command">named</strong></span>
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">view</strong></span> <em class="replaceable"><code>view_name</code></em>
<a name="id2588568"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
// Provide a complete view of the example.com
zone "example.com" {
file "example-internal.db";
// Provide a restricted view of the example.com
zone "example.com" {
file "example-external.db";
<pre class="programlisting"><span><strong class="command">zone</strong></span> <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-policy <em class="replaceable"><code>local</code></em> | { <em class="replaceable"><code>update_policy_rule</code></em> [<span class="optional">...</span>] }; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
[<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> ixfr-from-differences <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnskey-ksk-only <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
[<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> ixfr-from-differences <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
[<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>] // Not Implemented.
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
[<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
<a name="id2590278"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
status of infrastructure zones (e.g. COM,
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.
<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<span><strong class="command">allow-query-on</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
network. The default varies according to zone type. For <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>. For <span><strong class="command">slave</strong></span>
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-wildcard</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-integrity</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-sibling</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">zero-no-soa-ttl</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">update-check-ksk</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">dnskey-ksk-only</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">try-tcp-refresh</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">dialup</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
after trying the forwarders and getting no answer, while <span><strong class="command">first</strong></span> would
This is applicable to <span><strong class="command">master</strong></span> and <span><strong class="command">slave</strong></span> zones.
<span><strong class="command">max-journal-size</strong></span> in <a href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called “Server Resource Limits”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<span><strong class="command">max-transfer-time-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<span><strong class="command">max-transfer-time-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">notify-delay</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
zones when they are loaded from disk. <acronym class="acronym">BIND</acronym> 9 does not verify signatures
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
<span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">sig-signing-nodes</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
<span><strong class="command">sig-signing-signatures</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">sig-signing-type</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
See the description in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and Usage”</a>.
(see <a href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
<a href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>).
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">secure-to-insecure</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
that a particular nearby server be tried first. See <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a> and <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>.
built-in server information zones, e.g.,
any order), and if neither of those succeed, delivery to <code class="literal">mail.backup.org</code> will
and PTR records. Entries in the in-addr.arpa domain are made in
in-addr.arpa name of
3.2.1.10.in-addr.arpa. This name should have a PTR resource record
Master File Directives include <span><strong class="command">$ORIGIN</strong></span>, <span><strong class="command">$INCLUDE</strong></span>,
<a name="id2596009"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<a name="id2596025"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
$ORIGIN example.com.
<a name="id2596154"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
if it were included into the file at this point. If <span><strong class="command">origin</strong></span> is
revert to the values they had prior to the <span><strong class="command">$INCLUDE</strong></span> once
<a name="id2596224"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2596260"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
Classless IN-ADDR.ARPA delegation.
HOST-1.EXAMPLE. MX 0 .
HOST-2.EXAMPLE. A 1.2.3.2
HOST-2.EXAMPLE. MX 0 .
HOST-3.EXAMPLE. A 1.2.3.3
HOST-3.EXAMPLE. MX 0 .
HOST-127.EXAMPLE. A 1.2.3.127
HOST-127.EXAMPLE. MX 0 .
(<span><strong class="command">n</strong></span> or <span><strong class="command">N</strong></span>\
The <span><strong class="command">$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
(see <a href="Bv9ARM.ch06.html#statschannels" title="statistics-channels Statement Grammar">the section called “<span><strong class="command">statistics-channels</strong></span> Statement Grammar”</a>.)
<a href="Bv9ARM.ch06.html#clients-per-query"><span><strong class="command">clients-per-query</strong></span></a>.)
<a name="id2600738"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<td width="40%" align="left" valign="top">Chapter&#160;5.&#160;The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver&#160;</td>