Bv9ARM.ch06.html revision fdd80e9a55c70b36a3bf3e409b86897301c44ff8
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
59dd3b3cd954239d98ef52cd26328856cb6f2975Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - purpose with or without fee is hereby granted, provided that the above
59dd3b3cd954239d98ef52cd26328856cb6f2975Automatic Updater - copyright notice and this permission notice appear in all copies.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - PERFORMANCE OF THIS SOFTWARE.
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater<!-- $Id: Bv9ARM.ch06.html,v 1.251 2010/01/08 01:14:08 tbox Exp $ -->
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<title>Chapter�6.�BIND 9 Configuration Reference</title>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
04eba969cb9a54bbda2896db2067c07b2ac5ba16Automatic Updater<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter�5.�The BIND 9 Lightweight Resolver">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<link rel="next" href="Bv9ARM.ch07.html" title="Chapter�7.�BIND 9 Security Considerations">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<table width="100%" summary="Navigation header">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<tr><th colspan="3" align="center">Chapter�6.�<acronym class="acronym">BIND</acronym> 9 Configuration Reference</th></tr>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a accesskey="p" href="Bv9ARM.ch05.html">Prev</a>�</td>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch07.html">Next</a>
9d330c054e02f52cefd8dc0e71550b0fe07e077eAutomatic Updater<div class="titlepage"><div><div><h2 class="title">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="Bv9ARM.ch06"></a>Chapter�6.�<acronym class="acronym">BIND</acronym> 9 Configuration Reference</h2></div></div></div>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573932">Comment Syntax</a></span></dt>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574518"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574776"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575136"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575153"><span><strong class="command">include</strong></span> Statement Definition and
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575176"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575200"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575290"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575416"><span><strong class="command">logging</strong></span> Statement Definition and
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577483"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577557"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577689"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
a8644ebab678a1de66cbfaabb513651a739958afAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577733"><span><strong class="command">masters</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577748"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588122"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588277"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588328"><span><strong class="command">trusted-keys</strong></span> Statement Definition
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588375"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588494"><span><strong class="command">managed-keys</strong></span> Statement Definition
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588867"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590440"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2593176">Zone File</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595406">Discussion of MX Records</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595954">Inverse Mapping in IPv4</a></span></dt>
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596149">Other Zone File Directives</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596422"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt></dl></dd>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <acronym class="acronym">BIND</acronym> 9 configuration is broadly similar
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to <acronym class="acronym">BIND</acronym> 8; however, there are a few new
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of configuration, such as views. <acronym class="acronym">BIND</acronym>
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater 8 configuration files should work with few alterations in <acronym class="acronym">BIND</acronym>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 9, although more complex configurations should be reviewed to check
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater if they can be more efficiently implemented using the new features
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater found in <acronym class="acronym">BIND</acronym> 9.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <acronym class="acronym">BIND</acronym> 4 configuration files can be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater converted to the new format
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using the shell script
ea935c46e8261ea10621e5b038426539fe8a7cc5Mark Andrews <code class="filename">contrib/named-bootconf/named-bootconf.sh</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
7262eb86f2b465822206122921e2f357218f0cfdAutomatic Updater<a name="configuration_file_elements"></a>Configuration File Elements</h2></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Following is a list of elements used throughout the <acronym class="acronym">BIND</acronym> configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file documentation:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The name of an <code class="varname">address_match_list</code> as
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater defined by the <span><strong class="command">acl</strong></span> statement.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="varname">address_match_list</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A list of one or more
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson <code class="varname">ip_prefix</code>, <code class="varname">key_id</code>,
00be0f9f61d4c6bf197d000bfa1a6b7e70ea0866Automatic Updater or <code class="varname">acl_name</code> elements, see
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a>.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews A named list of one or more <code class="varname">ip_addr</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington with optional <code class="varname">key_id</code> and/or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A <code class="varname">masters_list</code> may include other
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson A quoted string which will be used as
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a DNS name, for example "<code class="literal">my.test.domain</code>".
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews A list of one or more <code class="varname">domain_name</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="varname">dotted_decimal</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater One to four integers valued 0 through
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington 255 separated by dots (`.'), such as <span><strong class="command">123</strong></span>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">45.67</strong></span> or <span><strong class="command">89.123.45.67</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington An IPv4 address with exactly four elements
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in <code class="varname">dotted_decimal</code> notation.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington An IPv6 address, such as <span><strong class="command">2001:db8::1234</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington IPv6 scoped addresses that have ambiguity on their
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington scope zones must be disambiguated by an appropriate
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington zone ID with the percent character (`%') as
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington delimiter. It is strongly recommended to use
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington string zone names rather than numeric identifiers,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in order to be robust against system configuration
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington changes. However, since there is no standard
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mapping for such names and identifier values,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington currently only interface names as link identifiers
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington are supported, assuming one-to-one mapping between
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington interfaces and links. For example, a link-local
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington address <span><strong class="command">fe80::1</strong></span> on the link
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington attached to the interface <span><strong class="command">ne0</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington can be specified as <span><strong class="command">fe80::1%ne0</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Note that on most systems link-local addresses
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington always have the ambiguity, and need to be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington disambiguated.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington An <code class="varname">ip4_addr</code> or <code class="varname">ip6_addr</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington An IP port <code class="varname">number</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The <code class="varname">number</code> is limited to 0
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington through 65535, with values
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington below 1024 typically restricted to use by processes running
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In some cases, an asterisk (`*') character can be used as a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater placeholder to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater select a random high-numbered port.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater An IP network specified as an <code class="varname">ip_addr</code>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater followed by a slash (`/') and then the number of bits in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Trailing zeros in a <code class="varname">ip_addr</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington For example, <span><strong class="command">127/8</strong></span> is the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington network <span><strong class="command">127.0.0.0</strong></span> with
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington netmask <span><strong class="command">255.0.0.0</strong></span> and <span><strong class="command">1.2.3.0/28</strong></span> is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington network <span><strong class="command">1.2.3.0</strong></span> with netmask <span><strong class="command">255.255.255.240</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When specifying a prefix involving a IPv6 scoped address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the scope may be omitted. In that case the prefix will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington match packets from any scope.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A <code class="varname">domain_name</code> representing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the name of a shared key, to be used for transaction
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A list of one or more
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington separated by semicolons and ending with a semicolon.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A non-negative 32-bit integer
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (i.e., a number between 0 and 4294967295, inclusive).
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews Its acceptable value might further
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be limited by the context in which it is used.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A quoted string which will be used as
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a pathname, such as <code class="filename">zones/master/my.test.domain</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A list of an <code class="varname">ip_port</code> or a port
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A port range is specified in the form of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>range</code></strong> followed by
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <code class="varname">port_high</code>, which represents
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington port numbers from <code class="varname">port_low</code> through
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <code class="varname">port_high</code>, inclusive.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <code class="varname">port_low</code> must not be larger than
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews For example,
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <strong class="userinput"><code>range 1024 65535</code></strong> represents
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ports from 1024 through 65535.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington In either case an asterisk (`*') character is not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington allowed as a valid <code class="varname">ip_port</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A number, the word <strong class="userinput"><code>unlimited</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or the word <strong class="userinput"><code>default</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater An <code class="varname">unlimited</code> <code class="varname">size_spec</code> requests unlimited
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use, or the maximum available amount. A <code class="varname">default size_spec</code> uses
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the limit that was in force when the server was started.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A <code class="varname">number</code> can optionally be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater followed by a scaling factor:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for kilobytes,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for megabytes, and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong> for gigabytes,
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater which scale by 1024, 1024*1024, and 1024*1024*1024
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater The value must be representable as a 64-bit unsigned integer
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater (0 to 18446744073709551615, inclusive).
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater Using <code class="varname">unlimited</code> is the best
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington to safely set a really large number.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Either <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The words <strong class="userinput"><code>true</code></strong> and <strong class="userinput"><code>false</code></strong> are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater also accepted, as are the numbers <strong class="userinput"><code>1</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and <strong class="userinput"><code>0</code></strong>.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater <code class="varname">dialup_option</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater One of <strong class="userinput"><code>yes</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>no</code></strong>, <strong class="userinput"><code>notify</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>notify-passive</code></strong>, <strong class="userinput"><code>refresh</code></strong> or
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater <strong class="userinput"><code>passive</code></strong>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When used in a zone, <strong class="userinput"><code>notify-passive</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>refresh</code></strong>, and <strong class="userinput"><code>passive</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater are restricted to slave and stub zones.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2573630"></a>Syntax</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address_match_list_element; ... </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key key_id | acl_name | { address_match_list } )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2573658"></a>Definition and Usage</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Address match lists are primarily used to determine access
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater control for various server operations. They are also used in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements. The elements which constitute an address match
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater list can be any of the following:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a key ID, as defined by the <span><strong class="command">key</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<li>the name of an address match list defined with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">acl</strong></span> statement
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li>a nested address match list enclosed in braces</li>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Elements can be negated with a leading exclamation mark (`!'),
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and the match list names "any", "none", "localhost", and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "localnets" are predefined. More information on those names
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater can be found in the description of the acl statement.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The addition of the key clause made the name of this syntactic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater element something of a misnomer, since security keys can be used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to validate access without regard to a host or network address.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Nonetheless, the term "address match list" is still used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater throughout the documentation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When a given IP address or prefix is compared to an address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington match list, the comparison takes place in approximately O(1)
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater time. However, key comparisons require that the list of keys
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be traversed until a matching key is found, and therefore may
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater be somewhat slower.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The interpretation of a match depends on whether the list is being
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater used for access control, defining <span><strong class="command">listen-on</strong></span> ports, or in a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">sortlist</strong></span>, and whether the element was negated.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When used as an access control list, a non-negated match
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allows access and a negated match denies access. If
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater there is no match, access is denied. The clauses
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">allow-notify</strong></span>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">allow-recursion</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-recursion-on</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-query</strong></span>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">allow-query-on</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-query-cache</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-query-cache-on</strong></span>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">allow-transfer</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-update</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-update-forwarding</strong></span>, and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">blackhole</strong></span> all use address match
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lists. Similarly, the <span><strong class="command">listen-on</strong></span> option will cause the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server to refuse queries on any of the machine's
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington addresses which do not match the list.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Order of insertion is significant. If more than one element
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in an ACL is found to match a given IP address or prefix,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater preference will be given to the one that came
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>first</em></span> in the ACL definition.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Because of this first-match behavior, an element that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a subset of another element in the list should
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater come before the broader element, regardless of whether
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater either is negated. For example, in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">1.2.3/24; ! 1.2.3.13;</strong></span>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews the 1.2.3.13 element is completely useless because the
f8c47598b87a5eb5ff2ceda6c81d136212d59cefAutomatic Updater algorithm will match any lookup for 1.2.3.13 to the 1.2.3/24
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington element. Using <span><strong class="command">! 1.2.3.13; 1.2.3/24</strong></span> fixes
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that problem by having 1.2.3.13 blocked by the negation, but
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater all other 1.2.3.* hosts fall through.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2573932"></a>Comment Syntax</h3></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington comments to appear
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington anywhere that whitespace may appear in a <acronym class="acronym">BIND</acronym> configuration
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington file. To appeal to programmers of all kinds, they can be written
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2573947"></a>Syntax</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting">// This is a <acronym class="acronym">BIND</acronym> comment as in C++</pre>
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<pre class="programlisting"># This is a <acronym class="acronym">BIND</acronym> comment as in common UNIX shells
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# and perl</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater<a name="id2573977"></a>Definition and Usage</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Comments may appear anywhere that whitespace may appear in
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews a <acronym class="acronym">BIND</acronym> configuration file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C-style comments start with the two characters /* (slash,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater star) and end with */ (star, slash). Because they are completely
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delimited with these characters, they can be used to comment only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a portion of a line or to span multiple lines.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C-style comments cannot be nested. For example, the following
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is not valid because the entire comment ends with the first */:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">/* This is the start of a comment.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington This is still part of the comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater/* This is an incorrect attempt at nesting a comment. */
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is no longer in any comment. */
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C++-style comments start with the two characters // (slash,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington slash) and continue to the end of the physical line. They cannot
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater be continued across multiple physical lines; to have one logical
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comment span multiple lines, each line must use the // pair.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<pre class="programlisting">// This is the start of a comment. The next line
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington// is a new comment, even though it is logically
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater// part of the previous comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Shell-style (or perl-style, if you prefer) comments start
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews with the character <code class="literal">#</code> (number sign)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and continue to the end of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington physical line, as in C++ comments.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"># This is the start of a comment. The next line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# is a new comment, even though it is logically
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# part of the previous comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater You cannot use the semicolon (`;') character
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington to start a comment such as you would in a zone file. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater semicolon indicates the end of a configuration
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews<a name="Configuration_File_Grammar"></a>Configuration File Grammar</h2></div></div></div>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews A <acronym class="acronym">BIND</acronym> 9 configuration consists of
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews statements and comments.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews Statements end with a semicolon. Statements and comments are the
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews only elements that can appear without enclosing braces. Many
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews statements contain a block of sub-statements, which are also
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews terminated with a semicolon.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews The following statements are supported:
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">acl</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a named IP address
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater matching list, for access control and other uses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">controls</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater declares control channels to be used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater by the <span><strong class="command">rndc</strong></span> utility.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">include</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater includes a file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">key</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington specifies key information for use in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington authentication and authorization using TSIG.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">logging</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specifies what the server logs, and where
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the log messages are sent.
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington <p><span><strong class="command">lwres</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configures <span><strong class="command">named</strong></span> to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater also act as a light-weight resolver daemon (<span><strong class="command">lwresd</strong></span>).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">masters</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a named masters list for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater inclusion in stub and slave zone masters clauses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">options</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington controls global server configuration
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington options and sets defaults for other statements.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater <p><span><strong class="command">server</strong></span></p>
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson sets certain configuration options on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a per-server basis.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater <p><span><strong class="command">statistics-channels</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington declares communication channels to get access to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">named</strong></span> statistics.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">trusted-keys</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington defines trusted DNSSEC keys.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">managed-keys</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lists DNSSEC keys to be kept up to date
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using RFC 5011 trust anchor maintenance.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">view</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a view.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">zone</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">logging</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">options</strong></span> statements may only occur once
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2574518"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
81c3cb9b921cda22a5a35fa32ca1bf35797b9a36Automatic Updater<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address_match_list
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="acl"></a><span><strong class="command">acl</strong></span> Statement Definition and
bd40cbcd09057ddfd043291aba82a56c90ec2523Automatic Updater The <span><strong class="command">acl</strong></span> statement assigns a symbolic
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson name to an address match list. It gets its name from a primary
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use of address match lists: Access Control Lists (ACLs).
a070512005933acaf17f635c6371e555425d9641Automatic Updater Note that an address match list's name must be defined
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with <span><strong class="command">acl</strong></span> before it can be used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater elsewhere; no forward references are allowed.
3341c8b653577f2f0cb8b72702ea6197035334ffMark Andrews The following ACLs are built-in:
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<div class="informaltable"><table border="1">
282e38d96feb488fddbbc0b0409491094786977fMark Andrews <p><span><strong class="command">any</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches all hosts.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews <p><span><strong class="command">none</strong></span></p>
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews Matches no hosts.
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater <p><span><strong class="command">localhost</strong></span></p>
10b4a0c3a4eec1b22b990c0a0595fbda51f54e94Automatic Updater Matches the IPv4 and IPv6 addresses of all network
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews interfaces on the system.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <p><span><strong class="command">localnets</strong></span></p>
21f8d40dbd9be951555f46b0bfa23571c5a9b913Automatic Updater Matches any host on an IPv4 or IPv6 network
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews for which the system has an interface.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Some systems do not provide a way to determine the prefix
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews local IPv6 addresses.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews In such a case, <span><strong class="command">localnets</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews only matches the local
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews IPv6 addresses, just like <span><strong class="command">localhost</strong></span>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2574776"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">controls</strong></span> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ inet ( ip_addr | * ) [ port ip_port ]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews allow { <em class="replaceable"><code> address_match_list </code></em> }
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews keys { <em class="replaceable"><code>key_list</code></em> }; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ inet ...; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ unix <em class="replaceable"><code>path</code></em> perm <em class="replaceable"><code>number</code></em> owner <em class="replaceable"><code>number</code></em> group <em class="replaceable"><code>number</code></em>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews keys { <em class="replaceable"><code>key_list</code></em> }; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ unix ...; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="controls_statement_definition_and_usage"></a><span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">controls</strong></span> statement declares control
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews channels to be used by system administrators to control the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews operation of the name server. These control channels are
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews used by the <span><strong class="command">rndc</strong></span> utility to send
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews commands to and retrieve non-DNS results from a name server.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews An <span><strong class="command">inet</strong></span> control channel is a TCP socket
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews listening at the specified <span><strong class="command">ip_port</strong></span> on the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews specified <span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews interpreted as the IPv4 wildcard address; connections will be
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews accepted on any of the system's IPv4 addresses.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To listen on the IPv6 wildcard address,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If you will only use <span><strong class="command">rndc</strong></span> on the local host,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews using the loopback address (<code class="literal">127.0.0.1</code>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews or <code class="literal">::1</code>) is recommended for maximum security.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If no port is specified, port 953 is used. The asterisk
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews "<code class="literal">*</code>" cannot be used for <span><strong class="command">ip_port</strong></span>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The ability to issue commands over the control channel is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews restricted by the <span><strong class="command">allow</strong></span> and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">keys</strong></span> clauses.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Connections to the control channel are permitted based on the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">address_match_list</strong></span>. This is for simple
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews IP address based filtering only; any <span><strong class="command">key_id</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews elements of the <span><strong class="command">address_match_list</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews are ignored.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews A <span><strong class="command">unix</strong></span> control channel is a UNIX domain
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews socket listening at the specified path in the file system.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Access to the socket is specified by the <span><strong class="command">perm</strong></span>,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">owner</strong></span> and <span><strong class="command">group</strong></span> clauses.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Note on some platforms (SunOS and Solaris) the permissions
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (<span><strong class="command">perm</strong></span>) are applied to the parent directory
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews as the permissions on the socket itself are ignored.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The primary authorization mechanism of the command
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews channel is the <span><strong class="command">key_list</strong></span>, which
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews contains a list of <span><strong class="command">key_id</strong></span>s.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Each <span><strong class="command">key_id</strong></span> in the <span><strong class="command">key_list</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is authorized to execute commands over the control channel.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews See <a href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called “Administrative Tools”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews for information about configuring keys in <span><strong class="command">rndc</strong></span>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If no <span><strong class="command">controls</strong></span> statement is present,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> will set up a default
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews control channel listening on the loopback address 127.0.0.1
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and its IPv6 counterpart ::1.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews In this case, and also when the <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is present but does not have a <span><strong class="command">keys</strong></span> clause,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> will attempt to load the command channel key
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews from the file <code class="filename">rndc.key</code> in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">/etc</code> (or whatever <code class="varname">sysconfdir</code>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews was specified as when <acronym class="acronym">BIND</acronym> was built).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To create a <code class="filename">rndc.key</code> file, run
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <strong class="userinput"><code>rndc-confgen -a</code></strong>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <code class="filename">rndc.key</code> feature was created to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews ease the transition of systems from <acronym class="acronym">BIND</acronym> 8,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews which did not have digital signatures on its command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews messages and thus did not have a <span><strong class="command">keys</strong></span> clause.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews It makes it possible to use an existing <acronym class="acronym">BIND</acronym> 8
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configuration file in <acronym class="acronym">BIND</acronym> 9 unchanged,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and still have <span><strong class="command">rndc</strong></span> work the same way
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">ndc</strong></span> worked in BIND 8, simply by executing the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews command <strong class="userinput"><code>rndc-confgen -a</code></strong> after BIND 9 is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Since the <code class="filename">rndc.key</code> feature
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is only intended to allow the backward-compatible usage of
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <acronym class="acronym">BIND</acronym> 8 configuration files, this
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews feature does not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews have a high degree of configurability. You cannot easily change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the key name or the size of the secret, so you should make a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> with your own key if you
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews wish to change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews those things. The <code class="filename">rndc.key</code> file
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews also has its
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews permissions set such that only the owner of the file (the user that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> is running as) can access it.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews desire greater flexibility in allowing other users to access
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">rndc</strong></span> commands, then you need to create
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> file and make it group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews readable by a group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that contains the users who should have access.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To disable the command channel, use an empty
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls</strong></span> statement:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls { };</strong></span>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575136"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575153"></a><span><strong class="command">include</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">include</strong></span> statement inserts the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews specified file at the point where the <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement is encountered. The <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement facilitates the administration of configuration
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews by permitting the reading or writing of some things but not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews others. For example, the statement could include private keys
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that are readable only by the name server.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575176"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews algorithm <em class="replaceable"><code>string</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret <em class="replaceable"><code>string</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575200"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement defines a shared
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews or the command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement can occur at the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews of the configuration file or inside a <span><strong class="command">view</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement. Keys defined in top-level <span><strong class="command">key</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statements can be used in all views. Keys intended for use in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews must be defined at the top level.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>key_id</code></em>, also known as the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews key name, is a domain name uniquely identifying the key. It can
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews be used in a <span><strong class="command">server</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement to cause requests sent to that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews server to be signed with this key, or in address match lists to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews verify that incoming requests have been signed with a key
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews matching this name, algorithm, and secret.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>algorithm_id</code></em> is a string
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that specifies a security/authentication algorithm. Named
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews supports <code class="literal">hmac-md5</code>,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and <code class="literal">hmac-sha512</code> TSIG authentication.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Truncated hashes are supported by appending the minimum
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews number of required bits preceded by a dash, e.g.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <em class="replaceable"><code>secret_string</code></em> is the secret
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews to be used by the algorithm, and is treated as a base-64
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews encoded string.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<div class="titlepage"><div><div><h3 class="title">
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<a name="id2575290"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<pre class="programlisting"><span><strong class="command">logging</strong></span> {
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews ( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size spec</code></em> ]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews | <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews | <span><strong class="command">stderr</strong></span>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews | <span><strong class="command">null</strong></span> );
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [ <span><strong class="command">severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <code class="option">info</code> | <code class="option">debug</code> [ <em class="replaceable"><code>level</code></em> ] | <code class="option">dynamic</code> ); ]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [ <span><strong class="command">print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [ <span><strong class="command">print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [ <span><strong class="command">print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [ <span><strong class="command">category</strong></span> <em class="replaceable"><code>category_name</code></em> {
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater <em class="replaceable"><code>channel_name</code></em> ; [ <em class="replaceable"><code>channel_name</code></em> ; ... ]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<a name="id2575416"></a><span><strong class="command">logging</strong></span> Statement Definition and
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater The <span><strong class="command">logging</strong></span> statement configures a
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater associates output methods, format options and severity levels with
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater a name that can then be used with the <span><strong class="command">category</strong></span> phrase
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater to select how various classes of messages are logged.
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater Only one <span><strong class="command">logging</strong></span> statement is used to
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater as many channels and categories as are wanted. If there is no <span><strong class="command">logging</strong></span> statement,
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater the logging configuration will be:
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater category default { default_syslog; default_debug; };
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater category unmatched { null; };
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson In <acronym class="acronym">BIND</acronym> 9, the logging configuration
309b912841e8b97bf0b0df0d96c3eaf16990c080Automatic Updater is only established when
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater the entire configuration file has been parsed. In <acronym class="acronym">BIND</acronym> 8, it was
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater established as soon as the <span><strong class="command">logging</strong></span>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson was parsed. When the server is starting up, all logging messages
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews regarding syntax errors in the configuration file go to the default
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews channels, or to standard error if the "<code class="option">-g</code>" option
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews was specified.
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews<div class="titlepage"><div><div><h4 class="title">
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews<a name="id2575468"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater you can make as many of them as you want.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Every channel definition must include a destination clause that
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews says whether messages selected for the channel go to a file, to a
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews particular syslog facility, to the standard error stream, or are
da93950363b307b718d156514b95b9df93a63776Mark Andrews discarded. It can optionally also limit the message severity level
da93950363b307b718d156514b95b9df93a63776Mark Andrews that will be accepted by the channel (the default is
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">info</strong></span>), and whether to include a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">named</strong></span>-generated time stamp, the
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews and/or severity level (the default is not to include any).
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater The <span><strong class="command">null</strong></span> destination clause
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater causes all messages sent to the channel to be discarded;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in that case, other options for the channel are meaningless.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">file</strong></span> destination clause directs
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to a disk file. It can include limitations
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater both on how large the file is allowed to become, and how many
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater of the file will be saved each time the file is opened.
79207ee45ade44ff32f6ca93c5b60250bc482089Automatic Updater If you use the <span><strong class="command">versions</strong></span> log file
79207ee45ade44ff32f6ca93c5b60250bc482089Automatic Updater <span><strong class="command">named</strong></span> will retain that many backup
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater versions of the file by
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater renaming them when opening. For example, if you choose to keep
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater three old versions
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater of the file <code class="filename">lamers.log</code>, then just
79207ee45ade44ff32f6ca93c5b60250bc482089Automatic Updater before it is opened
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater <code class="filename">lamers.log.1</code> is renamed to
c51b419ad4ebc3997e16ddb8760245fc8ebf522bAutomatic Updater <code class="filename">lamers.log.2</code>, <code class="filename">lamers.log.0</code> is renamed
8af4db0817e439e428880b71ec188a75f9adbe98Mark Andrews to <code class="filename">lamers.log.1</code>, and <code class="filename">lamers.log</code> is
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews renamed to <code class="filename">lamers.log.0</code>.
251227789bd26421471076f04f4e9eb7f0efb2f1Mark Andrews You can say <span><strong class="command">versions unlimited</strong></span> to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the number of versions.
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater If a <span><strong class="command">size</strong></span> option is associated with
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont the log file,
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater then renaming is only done when the file being opened exceeds the
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater indicated size. No backup versions are kept by default; any
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater log file is simply appended.
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater The <span><strong class="command">size</strong></span> option for files is used
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater growth. If the file ever exceeds the size, then <span><strong class="command">named</strong></span> will
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews stop writing to the file unless it has a <span><strong class="command">versions</strong></span> option
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews associated with it. If backup versions are kept, the files are
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews described above and a new one begun. If there is no
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <span><strong class="command">versions</strong></span> option, no more data will
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews be written to the log
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews until some out-of-band mechanism removes or truncates the log to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews less than the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews maximum size. The default behavior is not to limit the size of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Example usage of the <span><strong class="command">size</strong></span> and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <span><strong class="command">versions</strong></span> options:
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<pre class="programlisting">channel an_example_channel {
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews file "example.log" versions 3 size 20m;
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews print-time yes;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater print-category yes;
f459d71198c95aee14506310947bbbf495ed2553Automatic Updater The <span><strong class="command">syslog</strong></span> destination clause
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews channel to the system log. Its argument is a
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews syslog facility as described in the <span><strong class="command">syslog</strong></span> man
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews page. Known facilities are <span><strong class="command">kern</strong></span>, <span><strong class="command">user</strong></span>,
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews <span><strong class="command">mail</strong></span>, <span><strong class="command">daemon</strong></span>, <span><strong class="command">auth</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">syslog</strong></span>, <span><strong class="command">lpr</strong></span>, <span><strong class="command">news</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">uucp</strong></span>, <span><strong class="command">cron</strong></span>, <span><strong class="command">authpriv</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">ftp</strong></span>, <span><strong class="command">local0</strong></span>, <span><strong class="command">local1</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">local2</strong></span>, <span><strong class="command">local3</strong></span>, <span><strong class="command">local4</strong></span>,
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews <span><strong class="command">local5</strong></span>, <span><strong class="command">local6</strong></span> and
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <span><strong class="command">local7</strong></span>, however not all facilities
195e7b7a6e0bdc80373d65085e12a2950e9a1226Mark Andrews are supported on
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews all operating systems.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater How <span><strong class="command">syslog</strong></span> will handle messages
872a5b83f68b8058945298715b0fa53442aad52fAutomatic Updater this facility is described in the <span><strong class="command">syslog.conf</strong></span> man
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews page. If you have a system which uses a very old version of <span><strong class="command">syslog</strong></span> that
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater only uses two arguments to the <span><strong class="command">openlog()</strong></span> function,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews then this clause is silently ignored.
90eba8a49d580f9e718983fa39d8e5ee483558c9Automatic Updater The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "priorities", except that they can also be used if you are writing
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater straight to a file rather than using <span><strong class="command">syslog</strong></span>.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Messages which are not at least of the severity level given will
208e504ca5f57d0fb0e14db81994b3c497063190Automatic Updater not be selected for the channel; messages of higher severity
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington will be accepted.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington If you are using <span><strong class="command">syslog</strong></span>, then the <span><strong class="command">syslog.conf</strong></span> priorities
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington will also determine what eventually passes through. For example,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington defining a channel facility and severity as <span><strong class="command">daemon</strong></span> and <span><strong class="command">debug</strong></span> but
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington only logging <span><strong class="command">daemon.warning</strong></span> via <span><strong class="command">syslog.conf</strong></span> will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington cause messages of severity <span><strong class="command">info</strong></span> and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">notice</strong></span> to
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews be dropped. If the situation were reversed, with <span><strong class="command">named</strong></span> writing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater messages of only <span><strong class="command">warning</strong></span> or higher,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater then <span><strong class="command">syslogd</strong></span> would
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater print all messages it received from the channel.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">stderr</strong></span> destination clause
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews channel to the server's standard error stream. This is intended
6c68e68fc550c947100581eb7b5340b81c062c94Andreas Gustafsson use when the server is running as a foreground process, for
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews when debugging a configuration.
15ae68f3db8261770fc33b8e0f83f5d8c7021e84Mark Andrews The server can supply extensive debugging information when
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews it is in debugging mode. If the server's global debug level is
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews than zero, then debugging mode will be active. The global debug
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater level is set either by starting the <span><strong class="command">named</strong></span> server
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews with the <code class="option">-d</code> flag followed by a positive integer,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or by running <span><strong class="command">rndc trace</strong></span>.
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington The global debug level
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews can be set to zero, and debugging mode turned off, by running <span><strong class="command">rndc
8ce463bc15cde5b488f0c58699c5de7a058abcc1Automatic Updaternotrace</strong></span>. All debugging messages in the server have a debug
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson level, and higher debug levels give more detailed output. Channels
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater that specify a specific debug severity, for example:
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews<pre class="programlisting">channel specific_debug_level {
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews severity debug 3;
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews will get debugging output of level 3 or less any time the
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews server is in debugging mode, regardless of the global debugging
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews level. Channels with <span><strong class="command">dynamic</strong></span>
6ceb29d4d4d6f639e50317fa6015806e80aa422aAutomatic Updater severity use the
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews server's global debug level to determine what messages to print.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews If <span><strong class="command">print-time</strong></span> has been turned on,
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater the date and time will be logged. <span><strong class="command">print-time</strong></span> may
063c7af445b99e88f5377d9908a63880e4c86afdAutomatic Updater be specified for a <span><strong class="command">syslog</strong></span> channel,
063c7af445b99e88f5377d9908a63880e4c86afdAutomatic Updater but is usually
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson pointless since <span><strong class="command">syslog</strong></span> also logs
981fd9903a13ba8b13e181a9eee51f228c7204c1Automatic Updater time. If <span><strong class="command">print-category</strong></span> is
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews requested, then the
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater category of the message will be logged as well. Finally, if <span><strong class="command">print-severity</strong></span> is
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews on, then the severity level of the message will be logged. The <span><strong class="command">print-</strong></span> options may
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews be used in any combination, and will always be printed in the
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews order: time, category, severity. Here is an example where all
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson three <span><strong class="command">print-</strong></span> options
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="computeroutput">28-Feb-2000 15:05:32.863 general: notice: running</code>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews There are four predefined channels that are used for
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <span><strong class="command">named</strong></span>'s default logging as follows.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews used is described in <a href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called “The <span><strong class="command">category</strong></span> Phrase”</a>.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<pre class="programlisting">channel default_syslog {
063c7af445b99e88f5377d9908a63880e4c86afdAutomatic Updater // send to syslog's daemon facility
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews syslog daemon;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews // only send priority info and higher
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews severity info;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrewschannel default_debug {
6ceb29d4d4d6f639e50317fa6015806e80aa422aAutomatic Updater // write to named.run in the working directory
063c7af445b99e88f5377d9908a63880e4c86afdAutomatic Updater // Note: stderr is used instead of "named.run" if
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews // the server is started with the '-f' option.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews // log at the server's current debug level
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews severity dynamic;
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafssonchannel default_stderr {
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater // writes to stderr
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews // only send priority info and higher
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews severity info;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrewschannel null {
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews // toss anything sent to this channel
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews The <span><strong class="command">default_debug</strong></span> channel has the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews property that it only produces output when the server's debug
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson nonzero. It normally writes to a file called <code class="filename">named.run</code>
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater in the server's working directory.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews For security reasons, when the "<code class="option">-u</code>"
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews command line option is used, the <code class="filename">named.run</code> file
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews is created only after <span><strong class="command">named</strong></span> has
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews changed to the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews new UID, and any debug output generated while <span><strong class="command">named</strong></span> is
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews starting up and still running as root is discarded. If you need
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater to capture this output, you must run the server with the "<code class="option">-g</code>"
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews option and redirect standard error to a file.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Once a channel is defined, it cannot be redefined. Thus you
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews cannot alter the built-in channels directly, but you can modify
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the default logging by pointing categories at channels you have
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h4 class="title">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<a name="the_category_phrase"></a>The <span><strong class="command">category</strong></span> Phrase</h4></div></div></div>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews There are many categories, so you can send the logs you want
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews to see wherever you want, without seeing logs you don't want. If
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews you don't specify a list of channels for a category, then log
d30cacd81fba215923a09fae58461983142efe8bAutomatic Updater in that category will be sent to the <span><strong class="command">default</strong></span> category
d30cacd81fba215923a09fae58461983142efe8bAutomatic Updater instead. If you don't specify a default category, the following
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews "default default" is used:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<pre class="programlisting">category default { default_syslog; default_debug; };
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews As an example, let's say you want to log security events to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews a file, but you also want keep the default logging behavior. You'd
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews specify the following:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<pre class="programlisting">channel my_security_channel {
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews file "my_security_file";
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews severity info;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrewscategory security {
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews my_security_channel;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews default_syslog;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews default_debug;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews To discard all messages in a category, specify the <span><strong class="command">null</strong></span> channel:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<pre class="programlisting">category xfer-out { null; };
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrewscategory notify { null; };
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Following are the available categories and brief descriptions
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews of the types of log information they contain. More
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews categories may be added in future <acronym class="acronym">BIND</acronym> releases.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">default</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The default category defines the logging
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson options for those categories where no specific
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater configuration has been
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">general</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The catch-all. Many things still aren't
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews classified into categories, and they all end up here.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">database</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Messages relating to the databases used
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews internally by the name server to store zone and cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">security</strong></span></p>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson Approval and denial of requests.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">config</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Configuration file parsing and processing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">resolver</strong></span></p>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews DNS resolution, such as the recursive
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lookups performed on behalf of clients by a caching name
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">xfer-in</strong></span></p>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Zone transfers the server is receiving.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <p><span><strong class="command">xfer-out</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Zone transfers the server is sending.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">notify</strong></span></p>
f345258dabf4e8ad8a1573c56810f52fca50f5d4Mark Andrews The NOTIFY protocol.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">client</strong></span></p>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Processing of client requests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">unmatched</strong></span></p>
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews Messages that <span><strong class="command">named</strong></span> was unable to determine the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews class of or for which there was no matching <span><strong class="command">view</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A one line summary is also logged to the <span><strong class="command">client</strong></span> category.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson This category is best sent to a file or stderr, by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater default it is sent to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the <span><strong class="command">null</strong></span> channel.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">network</strong></span></p>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson Network operations.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">update</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Dynamic updates.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">update-security</strong></span></p>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson Approval and denial of update requests.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson <p><span><strong class="command">queries</strong></span></p>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Specify where queries should be logged to.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At startup, specifying the category <span><strong class="command">queries</strong></span> will also
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews enable query logging unless <span><strong class="command">querylog</strong></span> option has been
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The query log entry reports the client's IP
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews address and port number, and the query name,
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews class and type. Next it reports whether the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Recursion Desired flag was set (+ if set, -
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson if not set), if the query was signed (S),
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater EDNS was in use (E), if TCP was used (T), if
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews DO (DNSSEC Ok) was set (D), or if CD (Checking
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Disabled) was set (C). After this the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater destination address the query was sent to is
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <code class="computeroutput">client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="computeroutput">client ::1#62537: query: www.example.net IN AAAA -SE</code>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson <p><span><strong class="command">query-errors</strong></span></p>
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews Information about queries that resulted in some
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">dispatch</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Dispatching of incoming packets to the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews server modules where they are to be processed.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson <p><span><strong class="command">dnssec</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNSSEC and TSIG protocol processing.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <p><span><strong class="command">lame-servers</strong></span></p>
85c594efe4c8d4a8c7335754d7989d0d7e00661cAutomatic Updater Lame servers. These are misconfigurations
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews in remote servers, discovered by BIND 9 when trying to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews query those servers during resolution.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews <p><span><strong class="command">delegation-only</strong></span></p>
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews Delegation only. Logs queries that have been
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews forced to NXDOMAIN as the result of a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delegation-only zone or a
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson <span><strong class="command">delegation-only</strong></span> in a hint
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or stub zone declaration.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">edns-disabled</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Log queries that have been forced to use plain
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson DNS due to timeouts. This is often due to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the remote servers not being RFC 1034 compliant
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews (not always returning FORMERR or similar to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater EDNS queries and other extensions to the DNS
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews when they are not understood). In other words, this is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater targeted at servers that fail to respond to
063c7af445b99e88f5377d9908a63880e4c86afdAutomatic Updater DNS queries that they don't understand.
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater Note: the log message can also be due to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews packet loss. Before reporting servers for
dd9ad704c3800e3ab07ede8595871eac79984871Mark Andrews non-RFC 1034 compliance they should be re-tested
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews to determine the nature of the non-compliance.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater This testing should prevent or reduce the
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater number of false-positive reports.
a168158d5d68f0210ff2e7fe10c52257027228e0Automatic Updater Note: eventually <span><strong class="command">named</strong></span> will have to stop
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater treating such timeouts as due to RFC 1034 non
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews compliance and start treating it as plain
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews packet loss. Falsely classifying packet
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews loss as due to RFC 1034 non compliance impacts
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater on DNSSEC validation which requires EDNS for
65f40aa6826be815fe71f0f71e51e1ee0e80d56bAutomatic Updater the DNSSEC records to be returned.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2576964"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">query-errors</strong></span> category is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specifically intended for debugging purposes: To identify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater why and how specific queries result in responses which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater indicate an error.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Messages of this category are therefore only logged
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater with <span><strong class="command">debug</strong></span> levels.
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson At the debug levels of 1 or higher, each response with the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews rcode of SERVFAIL is logged as follows:
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater <code class="computeroutput">client 127.0.0.1#61502: query failed (SERVFAIL) for www.example.com/IN/AAAA at query.c:3880</code>
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater This means an error resulting in SERVFAIL was
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews detected at line 3880 of source file
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater Log messages of this level will particularly
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater help identify the cause of SERVFAIL for an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater authoritative server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At the debug levels of 2 or higher, detailed context
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater information of recursive resolutions that resulted in
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater SERVFAIL is logged.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The log message will look like as follows:
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updaterfetch completed at resolver.c:2970 for www.example.com/A
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updaterin 30.000183: timed out/success [domain:example.com,
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updaterreferral:2,restart:7,qrysent:8,timeout:5,lame:0,neterr:0,
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updaterbadresp:1,adberr:0,findfail:0,valfail:0]
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater The first part before the colon shows that a recursive
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater resolution for AAAA records of www.example.com completed
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater in 30.000183 seconds and the final result that led to the
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews SERVFAIL was determined at line 2970 of source file
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following part shows the detected final result and the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater latest result of DNSSEC validation.
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater The latter is always success when no validation attempt
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In this example, this query resulted in SERVFAIL probably
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater because all name servers are down or unreachable, leading
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to a timeout in 30 seconds.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNSSEC validation was probably not attempted.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The last part enclosed in square brackets shows statistics
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater information collected for this particular resolution
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater The <code class="varname">domain</code> field shows the deepest zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that the resolver reached;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater it is the zone where the error was finally detected.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The meaning of the other fields is summarized in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater following table.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">referral</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of referrals the resolver received
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater throughout the resolution process.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In the above example this is 2, which are most
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">restart</code></p>
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater The number of cycles that the resolver tried
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater remote servers at the <code class="varname">domain</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In each cycle the resolver sends one query
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (possibly resending it, depending on the response)
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater to each known name server of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <code class="varname">domain</code> zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">qrysent</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of queries the resolver sent at the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">timeout</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of timeouts since the resolver
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater received the last response.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of lame servers the resolver detected
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater at the <code class="varname">domain</code> zone.
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater A server is detected to be lame either by an
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater invalid response or as a result of lookup in
bbb069be941f649228760edcc241122933c066d2Automatic Updater BIND9's address database (ADB), where lame
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater servers are cached.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater <p><code class="varname">neterr</code></p>
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater The number of erroneous results that the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolver encountered in sending queries
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater at the <code class="varname">domain</code> zone.
9a0529a96f1c97e5056f0c31d604279ca8fdbdc7Automatic Updater One common case is the remote server is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater unreachable and the resolver receives an ICMP
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater unreachable error message.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">badresp</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of unexpected responses (other than
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="varname">lame</code>) to queries sent by the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolver at the <code class="varname">domain</code> zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">adberr</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Failures in finding remote server addresses
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of the <code class="varname">domain</code> zone in the ADB.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater One common case of this is that the remote
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's name does not have any address records.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">findfail</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Failures of resolving remote server addresses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is a total number of failures throughout
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the resolution process.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">valfail</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Failures of DNSSEC validation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Validation failures are counted throughout
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the resolution process (not limited to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <code class="varname">domain</code> zone), but should
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only happen in <code class="varname">domain</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At the debug levels of 3 or higher, the same messages
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as those at the debug 1 level are logged for other errors
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater than SERVFAIL.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that negative responses such as NXDOMAIN are not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater regarded as errors here.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At the debug levels of 4 or higher, the same messages
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as those at the debug 2 level are logged for other errors
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater than SERVFAIL.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Unlike the above case of level 3, messages are logged for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater negative responses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is because any unexpected results can be difficult to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater debug in the recursion case.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577483"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is the grammar of the <span><strong class="command">lwres</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement in the <code class="filename">named.conf</code> file:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> listen-on { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> view <em class="replaceable"><code>view_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> search { <em class="replaceable"><code>domain_name</code></em> ; [<span class="optional"> <em class="replaceable"><code>domain_name</code></em> ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> ndots <em class="replaceable"><code>number</code></em>; </span>]
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577557"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">lwres</strong></span> statement configures the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server to also act as a lightweight resolver server. (See
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater <a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>.) There may be multiple
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">lwres</strong></span> statements configuring
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lightweight resolver servers with different properties.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">listen-on</strong></span> statement specifies a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater addresses (and ports) that this instance of a lightweight resolver
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater should accept requests on. If no port is specified, port 921 is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If this statement is omitted, requests will be accepted on
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater The <span><strong class="command">view</strong></span> statement binds this
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater lightweight resolver daemon to a view in the DNS namespace, so that
593e8b883a3612fb55eeefd707933cb702531844Automatic Updater response will be constructed in the same manner as a normal DNS
fc3576328379e813ccf6b3a6e66d9bb701a79c83Automatic Updater matching this view. If this statement is omitted, the default view
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater used, and if there is no default view, an error is triggered.
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater The <span><strong class="command">search</strong></span> statement is equivalent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">search</strong></span> statement in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">/etc/resolv.conf</code>. It provides a
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater list of domains
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater which are appended to relative names in queries.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">ndots</strong></span> statement is equivalent to
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater <span><strong class="command">ndots</strong></span> statement in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">/etc/resolv.conf</code>. It indicates the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number of dots in a relative domain name that should result in an
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater exact match lookup before search path elements are appended.
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews<div class="titlepage"><div><div><h3 class="title">
59dd3b3cd954239d98ef52cd26328856cb6f2975Automatic Updater<a name="id2577689"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
9351aa7eb4e282ba2050bd247ec7dc3139c199d9Automatic Updater <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577733"></a><span><strong class="command">masters</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p><span><strong class="command">masters</strong></span>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater lists allow for a common set of masters to be easily used by
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater multiple stub and slave zones.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577748"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is the grammar of the <span><strong class="command">options</strong></span>
9d330c054e02f52cefd8dc0e71550b0fe07e077eAutomatic Updater statement in the <code class="filename">named.conf</code> file:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><span><strong class="command">options</strong></span> {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> attach-cache <em class="replaceable"><code>cache_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> directory <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> named-xfer <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-gssapi-credential <em class="replaceable"><code>principal</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-domain <em class="replaceable"><code>domainname</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-dhkey <em class="replaceable"><code>key_name</code></em> <em class="replaceable"><code>key_tag</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> cache-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dump-file <em class="replaceable"><code>path_name</code></em>; </span>]
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater [<span class="optional"> bindkeys-file <em class="replaceable"><code>path_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> memstatistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> memstatistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> pid-file <em class="replaceable"><code>path_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> recursing-file <em class="replaceable"><code>path_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> statistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> auth-nxdomain <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> deallocate-on-exit <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> fake-iquery <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> fetch-glue <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> flush-zones-on-shutdown <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> has-old-clients <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> host-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> host-statistics-max <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> minimal-responses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> recursion <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> ixfr-from-differences (<em class="replaceable"><code>yes_or_no</code></em> | <code class="constant">master</code> | <code class="constant">slave</code>); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-enable <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-validation <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-must-be-secure <em class="replaceable"><code>domain yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-accept-expired <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> forward ( <em class="replaceable"><code>only</code></em> | <em class="replaceable"><code>first</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater [<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ) ;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ... }; </span>]
83d29eff2912ef967596eb5ed148de7668b35564Automatic Updater [<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-dup-records ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-mx ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-mx-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater [<span class="optional"> check-srv-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-sibling <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater [<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-cache { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-cache-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-recursion { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater [<span class="optional"> allow-recursion-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater [<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ;</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater [<span class="optional"> query-source ( ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> )
6a78eb0a8677dca8817233799a715de27f9c2cbbMark Andrews [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
6a78eb0a8677dca8817233799a715de27f9c2cbbMark Andrews [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater [<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tcp-clients <em class="replaceable"><code>number</code></em>; </span>]
9d330c054e02f52cefd8dc0e71550b0fe07e077eAutomatic Updater [<span class="optional"> reserved-sockets <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tcp-listen-queue <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em>; </span>]
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater [<span class="optional"> transfers-in <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> transfers-out <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> transfers-per-ns <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater [<span class="optional"> notify-delay <em class="replaceable"><code>seconds</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> coresize <em class="replaceable"><code>size_spec</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> datasize <em class="replaceable"><code>size_spec</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> files <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> stacksize <em class="replaceable"><code>size_spec</code></em> ; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> heartbeat-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> interface-interval <em class="replaceable"><code>number</code></em>; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> statistics-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> topology { <em class="replaceable"><code>address_match_list</code></em> }</span>];
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> sortlist { <em class="replaceable"><code>address_match_list</code></em> }</span>];
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> rrset-order { <em class="replaceable"><code>order_spec</code></em> ; [<span class="optional"> <em class="replaceable"><code>order_spec</code></em> ; ... </span>] </span>] };
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-roots <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> use-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> treat-cr-as-space <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
788778633d6d67dee01b68a5827f8e655f2c276bMark Andrews [<span class="optional"> min-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
6ceb29d4d4d6f639e50317fa6015806e80aa422aAutomatic Updater [<span class="optional"> max-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> additional-from-auth <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> additional-from-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> random-device <em class="replaceable"><code>path_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> match-mapped-addresses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> filter-aaaa-on-v4 ( <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>break-dnssec</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> preferred-glue ( <em class="replaceable"><code>A</code></em> | <em class="replaceable"><code>AAAA</code></em> | <em class="replaceable"><code>NONE</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> edns-udp-size <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-udp-size <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>namelist</code></em> } </span>] ; </span>]
9d330c054e02f52cefd8dc0e71550b0fe07e077eAutomatic Updater [<span class="optional"> querylog <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> disable-algorithms <em class="replaceable"><code>domain</code></em> { <em class="replaceable"><code>algorithm</code></em>;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> <em class="replaceable"><code>algorithm</code></em>; </span>] }; </span>]
2775a809a54d11e1dd4e1b44aca0bcd5de16f8b2Automatic Updater [<span class="optional"> acache-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> acache-cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-acache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-server <em class="replaceable"><code>name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-contact <em class="replaceable"><code>name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-zones-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> disable-empty-zone <em class="replaceable"><code>zone_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> zero-no-soa-ttl-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> deny-answer-addresses { <em class="replaceable"><code>address_match_list</code></em> } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];</span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> deny-answer-aliases { <em class="replaceable"><code>namelist</code></em> } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="options"></a><span><strong class="command">options</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">options</strong></span> statement sets up global
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to be used by <acronym class="acronym">BIND</acronym>. This statement
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may appear only
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews once in a configuration file. If there is no <span><strong class="command">options</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement, an options block with each option set to its default will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">attach-cache</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Allows multiple views to share a single cache
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater Each view has its own cache database by default, but
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater if multiple views have the same operational policy
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews for name resolution and caching, those views can
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater share a single cache to save memory and possibly
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews improve resolution efficiency by using this option.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">attach-cache</strong></span> option
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may also be specified in <span><strong class="command">view</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements, in which case it overrides the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater global <span><strong class="command">attach-cache</strong></span> option.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <em class="replaceable"><code>cache_name</code></em> specifies
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the cache to be shared.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When the <span><strong class="command">named</strong></span> server configures
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater views which are supposed to share a cache, it
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater creates a cache with the specified name for the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater first view of these sharing views.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The rest of the views will simply refer to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater already created cache.
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater One common configuration to share a cache would be to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allow all views to share a single cache.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This can be done by specifying
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">attach-cache</strong></span> as a global
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater option with an arbitrary name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Another possible operation is to allow a subset of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington all views to share a cache while the others to
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater retain their own caches.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater For example, if there are three views A, B, and C,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and only A and B should share a cache, specify the
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater <span><strong class="command">attach-cache</strong></span> option as a view A (or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater B)'s option, referring to the other view name:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater // this view has its own cache
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington // this view refers to A's cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater attach-cache "A";
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater // this view has its own cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Views that share a cache must have the same policy
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater on configurable parameters that may affect caching.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The current implementation requires the following
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configurable options be consistent among these
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">check-names</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">cleaning-interval</strong></span>,
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater <span><strong class="command">dnssec-accept-expired</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dnssec-validation</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">max-cache-ttl</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">max-ncache-ttl</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">max-cache-size</strong></span>, and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">zero-no-soa-ttl</strong></span>.
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater Note that there may be other parameters that may
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater cause confusion if they are inconsistent for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater different views that share a single cache.
21386ce160ea276bcc61a14103933fe74ec77193Automatic Updater For example, if these views define different sets of
00be0f9f61d4c6bf197d000bfa1a6b7e70ea0866Automatic Updater forwarders that can return different answers for the
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson same question, sharing the answer does not make
00be0f9f61d4c6bf197d000bfa1a6b7e70ea0866Automatic Updater sense or could even be harmful.
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater It is administrator's responsibility to ensure
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration differences in different views do
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater not cause disruption with a shared cache.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">directory</strong></span></span></dt>
83a97deac2c474a2e8fd60326135236fe267069cAutomatic Updater The working directory of the server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Any non-absolute pathnames in the configuration file will be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as relative to this directory. The default location for most
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater output files (e.g. <code class="filename">named.run</code>)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is this directory.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If a directory is not specified, the working directory
00be0f9f61d4c6bf197d000bfa1a6b7e70ea0866Automatic Updater defaults to `<code class="filename">.</code>', the directory from
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which the server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater was started. The directory specified should be an absolute
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater When performing dynamic update of secure zones, the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater directory where the public and private DNSSEC key files
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater should be found, if different than the current working
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater directory. (Note that this option has no effect on the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater paths for files containing non-DNSSEC keys such as
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <code class="filename">session.key</code>.)
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>This option is obsolete.</em></span> It
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater was used in <acronym class="acronym">BIND</acronym> 8 to specify
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews the pathname to the <span><strong class="command">named-xfer</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater program. In <acronym class="acronym">BIND</acronym> 9, no separate
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">named-xfer</strong></span> program is needed;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater its functionality is built into the name server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">tkey-gssapi-credential</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The security credential with which the server should
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater authenticate keys requested by the GSS-TSIG protocol.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Currently only Kerberos 5 authentication is available
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and the credential is a Kerberos principal which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the server can acquire through the default system
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key file, normally <code class="filename">/etc/krb5.keytab</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Normally this principal is of the form
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "<strong class="userinput"><code>dns/</code></strong><code class="varname">server.domain</code>".
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater To use GSS-TSIG, <span><strong class="command">tkey-domain</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater must also be set.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">tkey-domain</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The domain appended to the names of all shared keys
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater generated with <span><strong class="command">TKEY</strong></span>. When a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater client requests a <span><strong class="command">TKEY</strong></span> exchange,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater it may or may not specify the desired name for the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key. If present, the name of the shared key will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be <code class="varname">client specified part</code> +
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater <code class="varname">tkey-domain</code>. Otherwise, the
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson name of the shared key will be <code class="varname">random hex
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews digits</code> + <code class="varname">tkey-domain</code>.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson In most cases, the <span><strong class="command">domainname</strong></span>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews should be the server's domain name, or an otherwise
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater non-existent subdomain like
be7f27304337afbf078e8bd8db0f951a33abe33bAndreas Gustafsson "_tkey.<code class="varname">domainname</code>". If you are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using GSS-TSIG, this variable must be defined.
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews<dt><span class="term"><span><strong class="command">tkey-dhkey</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The Diffie-Hellman key used by the server
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington to generate shared keys with clients using the Diffie-Hellman
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of <span><strong class="command">TKEY</strong></span>. The server must be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater able to load the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater public and private keys from files in the working directory.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater most cases, the keyname should be the server's host name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">cache-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is for testing only. Do not use.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater<dt><span class="term"><span><strong class="command">dump-file</strong></span></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The pathname of the file the server dumps
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson the database to when instructed to do so with
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <span><strong class="command">rndc dumpdb</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named_dump.db</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">memstatistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server writes memory
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater usage statistics to on exit. If not specified,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the default is <code class="filename">named.memstats</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">pid-file</strong></span></span></dt>
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater The pathname of the file the server writes its process ID
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in. If not specified, the default is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">/var/run/named/named.pid</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The PID file is used by programs that want to send signals to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name server. Specifying <span><strong class="command">pid-file none</strong></span> disables the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington use of a PID file — no file will be written and any
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater existing one will be removed. Note that <span><strong class="command">none</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is a keyword, not a filename, and therefore is not enclosed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater double quotes.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">recursing-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server dumps
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the queries that are currently recursing when instructed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to do so with <span><strong class="command">rndc recursing</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named.recursing</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">statistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server appends statistics
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to when instructed to do so using <span><strong class="command">rndc stats</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named.stats</code> in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's current directory. The format of the file is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">bindkeys-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of a file to override the built-in trusted
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater keys provided by <span><strong class="command">named</strong></span>.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington See the discussion of <span><strong class="command">dnssec-lookaside</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for details. If not specified, the default is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">session-keyfile</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews The pathname of the file into which to write a TSIG
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews session key generated by <span><strong class="command">named</strong></span> for use by
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span><strong class="command">nsupdate -l</strong></span>. If not specified, the
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews default is <code class="filename">/var/run/named/session.key</code>.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews (See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>, and in
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews particular the discussion of the
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews <span><strong class="command">update-policy</strong></span> statement's
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <strong class="userinput"><code>local</code></strong> option for more
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews information about this feature.)
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">session-keyname</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews The key name to use for the TSIG session key.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews If not specified, the default is "local-ddns".
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<dt><span class="term"><span><strong class="command">session-keyalg</strong></span></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews The algorithm to use for the TSIG session key.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews Valid values are hmac-sha1, hmac-sha224, hmac-sha256,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews hmac-sha384, hmac-sha512 and hmac-md5. If not
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews specified, the default is hmac-sha256.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">session-keyfile</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews The pathname of the file into which to write a session TSIG
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews key for use by <span><strong class="command">nsupdate -l</strong></span>. (See the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews discussion of the <span><strong class="command">update-policy</strong></span>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews statement's <strong class="userinput"><code>local</code></strong> option for more
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews details on this feature.)
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<dt><span class="term"><span><strong class="command">port</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews receiving and sending DNS protocol traffic.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews The default is 53. This option is mainly intended for server
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews a server using a port other than 53 will not be able to
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews communicate with
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews the global DNS.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">random-device</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews The source of entropy to be used by the server. Entropy is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews primarily needed
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews for DNSSEC operations, such as TKEY transactions and dynamic
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews update of signed
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews zones. This options specifies the device (or file) from which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater entropy. If this is a file, operations requiring entropy will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file has been exhausted. If not specified, the default value
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson (or equivalent) when present, and none otherwise. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">random-device</strong></span> option takes
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the initial configuration load at server startup time and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is ignored on subsequent reloads.
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson<dt><span class="term"><span><strong class="command">preferred-glue</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If specified, the listed type (A or AAAA) will be emitted
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson before other glue
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the additional section of a query response.
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson The default is not to prefer any type (NONE).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="root_delegation_only"></a><span class="term"><span><strong class="command">root-delegation-only</strong></span></span>
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater Turn on enforcement of delegation-only in TLDs
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson (top level domains) and root zones with an optional
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DS queries are expected to be made to and be answered by
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington delegation only zones. Such queries and responses are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater treated as an exception to delegation-only processing
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews and are not converted to NXDOMAIN responses provided
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a CNAME is not discovered at the query name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If a delegation only zone server also serves a child
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone it is not always possible to determine whether
bbb069be941f649228760edcc241122933c066d2Automatic Updater an answer comes from the delegation only zone or the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater child zone. SOA NS and DNSKEY records are apex
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson only records and a matching response that contains
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson these records or DS is treated as coming from a
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews child zone. RRSIG records are also examined to see
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater if they are signed by a child zone or not. The
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews authority section is also examined to see if there
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews is evidence that the answer is from the child zone.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews Answers that are determined to be from a child zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater are not converted to NXDOMAIN responses. Despite
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater all these checks there is still a possibility of
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews false negatives when a child zone is being served.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Similarly false positives can arise from empty nodes
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater (no records at the name) in the delegation only zone
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews when the query type is not ANY.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater Note some TLDs are not delegation only (e.g. "DE", "LV",
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater "US" and "MUSEUM"). This list is not exhaustive.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">disable-algorithms</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Disable the specified DNSSEC algorithms at and below the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Multiple <span><strong class="command">disable-algorithms</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements are allowed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Only the most specific will be applied.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">dnssec-lookaside</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When set, <span><strong class="command">dnssec-lookaside</strong></span> provides the
195e7b7a6e0bdc80373d65085e12a2950e9a1226Mark Andrews validator with an alternate method to validate DNSKEY
2a446e8c5a832275617d73e5090128f73f7e01caAutomatic Updater records at the top of a zone. When a DNSKEY is at or
9870509cb161e9c8d809ea2db41d371317ba2a35Automatic Updater below a domain specified by the deepest
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews <span><strong class="command">dnssec-lookaside</strong></span>, and the normal DNSSEC
f9a89df8bd3cf6ae1a292dd6b122b4cf7d760314Automatic Updater validation has left the key untrusted, the trust-anchor
f9a89df8bd3cf6ae1a292dd6b122b4cf7d760314Automatic Updater will be appended to the key name and a DLV record will be
63d98873e29dee9608c27f40613cb69d130a56e7Mark Andrews looked up to see if it can validate the key. If the DLV
6b12e2e17cc58d3abb9b232a748eac86bba0b437Automatic Updater record validates a DNSKEY (similarly to the way a DS
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews record does) the DNSKEY RRset is deemed to be trusted.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <span><strong class="command">dnssec-lookaside</strong></span> is set to
d8de612c8582bd51d980cb124ddfaa63774e38c9Automatic Updater <strong class="userinput"><code>auto</code></strong>, then built-in default
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater values for the DLV domain and trust anchor will be
40d9598efa56a495aabe77174cdf2429f9b01764Mark Andrews used, along with a built-in key for validation.
<dt><span class="term"><span><strong class="command">dnssec-must-be-secure</strong></span></span></dt>
If <strong class="userinput"><code>yes</code></strong>, then the <span><strong class="command">AA</strong></span> bit
for memory leaks on exit. <acronym class="acronym">BIND</acronym> 9 ignores the option and always performs
happens in a short interval, once every <span><strong class="command">heartbeat-interval</strong></span> and
<span><strong class="command">notify</strong></span> and <span><strong class="command">also-notify</strong></span>.
<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
<span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
in <acronym class="acronym">BIND</acronym> 8, and is ignored by <acronym class="acronym">BIND</acronym> 9.
<span><strong class="command">has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
the two separate options <span><strong class="command">auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
and <span><strong class="command">rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
kept for Incremental Zone Transfer. <acronym class="acronym">BIND</acronym> 9 maintains a transaction
transfers, use <span><strong class="command">provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
and additional data sections when they are required (e.g.
changes, see <a href="Bv9ARM.ch04.html#notify" title="Notify">the section called “Notify”</a>. The messages are
in which case it overrides the <span><strong class="command">options notify</strong></span> statement.
also <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called “Incremental Zone Transfers (IXFR)”</a>.
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
the server treat carriage return ("<span><strong class="command">\r</strong></span>") characters the same way
on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span><strong class="command">\n</strong></span>"
<span class="term"><span><strong class="command">additional-from-auth</strong></span>, </span><span class="term"><span><strong class="command">additional-from-cache</strong></span></span>
For example, if a query asks for an MX record for host <code class="literal">foo.example.com</code>,
if known, even though they are not in the example.com zone.
<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
When <strong class="userinput"><code>yes</code></strong> and the server loads a new version of a master
addresses refer to different machines. If <strong class="userinput"><code>yes</code></strong>, <span><strong class="command">named</strong></span> will
when the serial number on the master is less than what <span><strong class="command">named</strong></span>
Enable DNSSEC support in <span><strong class="command">named</strong></span>. Unless set to <strong class="userinput"><code>yes</code></strong>,
<dt><span class="term"><span><strong class="command">dnssec-accept-expired</strong></span></span></dt>
Specify whether query logging should be started when <span><strong class="command">named</strong></span>
is determined by the presence of the logging category <span><strong class="command">queries</strong></span>.
<span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>.
<dt><span class="term"><span><strong class="command">zero-no-soa-ttl-cache</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">dnssec-dnskey-kskonly</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">dnssec-secure-to-insecure</strong></span></span></dt>
insecure (i.e., signed to unsigned) by deleting all
stacked, then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
of the requesting system. See <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a> for
<dt><span class="term"><span><strong class="command">allow-query-cache-on</strong></span></span></dt>
<a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for details.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
access control to attacks; see <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a>
receive zone transfers from the server. <span><strong class="command">allow-transfer</strong></span> may
case it overrides the <span><strong class="command">options allow-transfer</strong></span> statement.
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
unless <span><strong class="command">-6</strong></span> is specified when <span><strong class="command">named</strong></span> is
<span><strong class="command">named</strong></span> will listen on port 53 on all IPv6 interfaces by default.
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> (asterisk) or is omitted,
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
<dt><span class="term"><span><strong class="command">queryport-pool-ports</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">queryport-pool-updateinterval</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
the load on the remote name server. <span><strong class="command">transfers-per-ns</strong></span> may
be overridden on a per-server basis by using the <span><strong class="command">transfers</strong></span> phrase
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
See <a href="Bv9ARM.ch06.html#query_address" title="Query Address">the section called “Query Address”</a> about how the
to prevent <span><strong class="command">named</strong></span> from choosing as its random source port a
of <span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.
(see <a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file
<dt><span class="term"><span><strong class="command">host-statistics-max</strong></span></span></dt>
interfaces <span><strong class="command">named</strong></span> listens on, <span><strong class="command">tcp-clients</strong></span> as well as
<dt><span class="term"><span><strong class="command">statistics-interval</strong></span></span></dt>
topologically closest to itself. The <span><strong class="command">topology</strong></span> statement
<a name="the_sortlist_statement"></a>The <span><strong class="command">sortlist</strong></span> Statement</h4></div></div></div>
statement in <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>).
does (<a href="Bv9ARM.ch06.html#topology" title="Topology">the section called “Topology”</a>).
an IP prefix, an ACL name or a nested <span><strong class="command">address_match_list</strong></span>)
to the behavior of the address sort in <acronym class="acronym">BIND</acronym> 4.9.x. Responses sent
<a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a>.
If no name is specified, the default is "<span><strong class="command">*</strong></span>" (asterisk).
class IN type A name "host.example.com" order random;
<span><strong class="command">max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
result of dynamic updates (<a href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called “Dynamic Update”</a>) will expire. There
<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
<a href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called “Additional File Formats”</a>).
<a name="clients-per-query"></a><span class="term"><span><strong class="command">clients-per-query</strong></span>, </span><span class="term"><span><strong class="command">max-clients-per-query</strong></span></span>
before dropping additional clients. <span><strong class="command">named</strong></span> will attempt to
If the number of queries exceed this value, <span><strong class="command">named</strong></span> will
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called “<span><strong class="command">view</strong></span> Statement Grammar”</a>) of
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
<span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
Specifying <span><strong class="command">server-id hostname;</strong></span> will cause <span><strong class="command">named</strong></span> to
The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
<dt><span class="term"><span><strong class="command">acache-cleaning-interval</strong></span></span></dt>
name (i.e., the CNAME alias or the substituted query name
for example, even if "example.com" is specified for
returned by an "example.com" server will be accepted.
For example, if you own a domain named "example.net" and
deny-answer-aliases { "example.net"; };
network look up an IPv4 address of "attacker.example.com",
internal web server "www.example.net" and the
it will be accepted since the owner name "www.example.net"
"example.net".
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">server</strong></span> <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em> ; ]</span>]
[<span class="optional"> keys <em class="replaceable"><code>{ string ; [<span class="optional"> string ; [<span class="optional">...</span>]</span>] }</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> query-source [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
<a name="server_statement_definition_and_usage"></a><span><strong class="command">server</strong></span> Statement Definition and
value of <span><strong class="command">bogus</strong></span> is <span><strong class="command">no</strong></span>.
that is advertised by <span><strong class="command">named</strong></span> when querying the remote server.
The server supports two zone transfer methods. The first, <span><strong class="command">one-answer</strong></span>,
uses one DNS message per resource record transferred. <span><strong class="command">many-answers</strong></span> packs
as many resource records as possible into a message. <span><strong class="command">many-answers</strong></span> is
more efficient, but is only known to be understood by <acronym class="acronym">BIND</acronym> 9, <acronym class="acronym">BIND</acronym>
<span><strong class="command">key_id</strong></span> defined by the <span><strong class="command">key</strong></span> statement,
to be used for transaction security (TSIG, <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
<a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<a name="statschannels"></a><span><strong class="command">statistics-channels</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2588122"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
<a name="id2588277"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2588328"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
DNSSEC security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called “DNSSEC”</a>. A security root is defined when the
<a name="id2588375"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2588494"></a><span><strong class="command">managed-keys</strong></span> Statement Definition
set to <strong class="userinput"><code>auto</code></strong>, <span><strong class="command">named</strong></span>
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">view</strong></span> <em class="replaceable"><code>view_name</code></em>
<a name="id2588867"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
// Provide a complete view of the example.com
zone "example.com" {
file "example-internal.db";
// Provide a restricted view of the example.com
zone "example.com" {
file "example-external.db";
<pre class="programlisting"><span><strong class="command">zone</strong></span> <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-policy <em class="replaceable"><code>local</code></em> | { <em class="replaceable"><code>update_policy_rule</code></em> [<span class="optional">...</span>] }; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
[<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> ixfr-from-differences <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
[<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> ixfr-from-differences <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
[<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>] // Not Implemented.
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
[<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
<a name="id2590440"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
status of infrastructure zones (e.g. COM,
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.
<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<span><strong class="command">allow-query-on</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
network. The default varies according to zone type. For <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>. For <span><strong class="command">slave</strong></span>
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-wildcard</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-integrity</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-sibling</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">zero-no-soa-ttl</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">update-check-ksk</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<dt><span class="term"><span><strong class="command">dnssec-dnskey-kskonly</strong></span></span></dt>
<span><strong class="command">dnssec-dnskey-kskonly</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">try-tcp-refresh</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">dialup</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
after trying the forwarders and getting no answer, while <span><strong class="command">first</strong></span> would
This is applicable to <span><strong class="command">master</strong></span> and <span><strong class="command">slave</strong></span> zones.
<span><strong class="command">max-journal-size</strong></span> in <a href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called “Server Resource Limits”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<span><strong class="command">max-transfer-time-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<span><strong class="command">max-transfer-time-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">notify-delay</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
zones when they are loaded from disk. <acronym class="acronym">BIND</acronym> 9 does not verify signatures
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
<span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">sig-signing-nodes</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
<span><strong class="command">sig-signing-signatures</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">sig-signing-type</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
See the description in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
(see <a href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
<a href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>).
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<dt><span class="term"><span><strong class="command">dnssec-secure-to-insecure</strong></span></span></dt>
<span><strong class="command">dnssec-secure-to-insecure</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
that a particular nearby server be tried first. See <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a> and <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>.
built-in server information zones, e.g.,
any order), and if neither of those succeed, delivery to <code class="literal">mail.backup.org</code> will
and PTR records. Entries in the in-addr.arpa domain are made in
in-addr.arpa name of
3.2.1.10.in-addr.arpa. This name should have a PTR resource record
Master File Directives include <span><strong class="command">$ORIGIN</strong></span>, <span><strong class="command">$INCLUDE</strong></span>,
<a name="id2596171"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<a name="id2596256"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
$ORIGIN example.com.
<a name="id2596316"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
if it were included into the file at this point. If <span><strong class="command">origin</strong></span> is
revert to the values they had prior to the <span><strong class="command">$INCLUDE</strong></span> once
<a name="id2596386"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2596422"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
Classless IN-ADDR.ARPA delegation.
HOST-1.EXAMPLE. MX 0 .
HOST-2.EXAMPLE. A 1.2.3.2
HOST-2.EXAMPLE. MX 0 .
HOST-3.EXAMPLE. A 1.2.3.3
HOST-3.EXAMPLE. MX 0 .
HOST-127.EXAMPLE. A 1.2.3.127
HOST-127.EXAMPLE. MX 0 .
(<span><strong class="command">n</strong></span> or <span><strong class="command">N</strong></span>\
The <span><strong class="command">$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
(see <a href="Bv9ARM.ch06.html#statschannels" title="statistics-channels Statement Grammar">the section called “<span><strong class="command">statistics-channels</strong></span> Statement Grammar”</a>.)
<a href="Bv9ARM.ch06.html#clients-per-query"><span><strong class="command">clients-per-query</strong></span></a>.)
<a name="id2600900"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<td width="40%" align="left" valign="top">Chapter�5.�The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver�</td>