Bv9ARM.ch06.html revision ff5760e233f6ab75e33783b6dd48f961ce04d933
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>BIND 9 Configuration Reference</TITLE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="GENERATOR"
841179549b6433e782c164a562eb3422f603533dAndreas GustafssonCONTENT="Modular DocBook HTML Stylesheet Version 1.61
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonTITLE="BIND 9 Administrator Reference Manual"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceREL="PREVIOUS"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTITLE="The BIND 9 Lightweight Resolver"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTITLE="BIND 9 Security Considerations"
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="chapter"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceBGCOLOR="#FFFFFF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTEXT="#000000"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceLINK="#0000FF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVLINK="#840084"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALINK="#0000FF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="NAVHEADER"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLSPACING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas Gustafsson>BIND 9 Administrator Reference Manual</TH
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="chapter"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Chapter 6. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 Configuration Reference</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Table of Contents</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#configuration_file_elements"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Configuration File Elements</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Configuration File Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zone File</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 configuration is broadly similar to <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethere are a few new areas of configuration, such as views. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce8.x configuration files should work with few alterations in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce9, although more complex configurations should be reviewed to check
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif they can be more efficiently implemented using the new features
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefound in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 4 configuration files can be converted to the new format
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusing the shell script
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="configuration_file_elements"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1. Configuration File Elements</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Following is a list of elements used throughout the <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefile documentation:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>acl_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The name of an <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedefined by the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A list of one or more <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip_prefix</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>acl_name</TT
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce> elements, see
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#address_match_lists"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.1.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A quoted string which will be used as
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafssona DNS name, for example "<TT
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dotted_decimal</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>One or more integers valued 0 through
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce255 separated only by dots (`.'), such as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>89.123.45.67</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip4_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IPv4 address with exactly four elements
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dotted_decimal</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> notation.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip6_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IPv6 address, such as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>fe80::200:f8ff:fe01:9742</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip4_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip6_addr</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IP port <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is limited to 0 through 65535, with values
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebelow 1024 typically restricted to root-owned processes. In some
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecases an asterisk (`*') character can be used as a placeholder to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceselect a random high-numbered port.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ip_prefix</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>An IP network specified as an <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefollowed by a slash (`/') and then the number of bits in the netmask.
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric LuceTrailing zeros in a <TT
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric LuceCLASS="varname"
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric Luce> may omitted.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example, <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the network <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>127.0.0.0</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>255.0.0.0</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> with netmask <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>255.255.255.240</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> representing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe name of a shared key, to be used for transaction security.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>key_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A list of one or more <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceseparated by semicolons and ending with a semicolon.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A non-negative integer with an entire
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerange limited by the range of a C language signed integer (2,147,483,647
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon a machine with 32 bit integers). Its acceptable value might further
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe limited by the context in which it is used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A quoted string which will be used as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea pathname, such as <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A number, the word <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor the word <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is that of unsigned long integers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon the machine. An <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> requests unlimited
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuse, or the maximum available amount. A <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default size_spec</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe limit that was in force when the server was started.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptionally be followed by a scaling factor: <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekilobytes, <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemegabytes, and <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> for gigabytes,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich scale by 1024, 1024*1024, and 1024*1024*1024 respectively.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestorage overflow is currently silently ignored during conversion
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof scaled values, resulting in values less than intended, possibly
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeven negative. Using <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the best way
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto safely set a really large number.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe words <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucealso accepted, as are the numbers <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonVALIGN="MIDDLE"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="varname"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>dialup_option</TT
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonVALIGN="MIDDLE"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>notify-passive</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonWhen used in a zone, <TT
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>notify-passive</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonare restricted to slave and stub zones.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="address_match_lists"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.1. Address Match Lists</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.1.1. Syntax</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> = address_match_list_element ;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> address_match_list_element; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list_element</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] (ip_address [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>/length</SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce key key_id | acl_name | { address_match_list } )
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.1.2. Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Address match lists are primarily used to determine access
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecontrol for various server operations. They are also used to define
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepriorities for querying other nameservers and to set the addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will listen for queries. The elements
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich constitute an address match list can be any of the following:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an IP address (IPv4 or IPv6)</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an IP prefix (in the `/'-notation)</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a key ID, as defined by the key statement</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the name of an address match list previously defined with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a nested address match list enclosed in braces</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Elements can be negated with a leading exclamation mark (`!')
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the match list names "any," "none," "localhost" and "localnets"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare predefined. More information on those names can be found in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe description of the acl statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The addition of the key clause made the name of this syntactic
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceelement something of a misnomer, since security keys can be used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto validate access without regard to a host or network address. Nonetheless,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe term "address match list" is still used throughout the documentation.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When a given IP address or prefix is compared to an address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematch list, the list is traversed in order until an element matches.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe interpretation of a match depends on whether the list is being used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor access control, defining listen-on ports, or as a topology,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand whether the element was negated.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When used as an access control list, a non-negated match allows
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaccess and a negated match denies access. If there is no match,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaccess is denied. The clauses <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>allow-notify</B
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>blackhole</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuse address match lists this. Similarly, the listen-on option will cause
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server to not accept queries on any of the machine's addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich do not match the list.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When used with the topology clause, a non-negated match returns
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea distance based on its position on the list (the closer the match
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis to the start of the list, the shorter the distance is between
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceit and the server). A negated match will be assigned the maximum
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedistance from the server. If there is no match, the address will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceget a distance which is further than any non-negated list element,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand closer than any negated element.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Because of the first-match aspect of the algorithm, an element
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat defines a subset of another element in the list should come
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebefore the broader element, regardless of whether either is negated. For
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> the 1.2.3.13 element is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecompletely useless because the algorithm will match any lookup for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat problem by having 1.2.3.13 blocked by the negation but all
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceother 1.2.3.* hosts fall through.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.2. Comment Syntax</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 comment syntax allows for comments to appear
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce anywhere that white space may appear in a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce file. To appeal to programmers of all kinds, they can be written
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.2.1. Syntax</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>/* This is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> comment as in C */</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>// This is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> comment as in C++</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce># This is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> comment as in common UNIX shells and perl</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.1.2.2. Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Comments may appear anywhere that whitespace may appear in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>C-style comments start with the two characters /* (slash,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestar) and end with */ (star, slash). Because they are completely
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedelimited with these characters, they can be used to comment only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea portion of a line or to span multiple lines.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>C-style comments cannot be nested. For example, the following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis not valid because the entire comment ends with the first */:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>/* This is the start of a comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce This is still part of the comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce/* This is an incorrect attempt at nesting a comment. */
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce This is no longer in any comment. */
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>C++-style comments start with the two characters // (slash,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceslash) and continue to the end of the physical line. They cannot
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe continued across multiple physical lines; to have one logical
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecomment span multiple lines, each line must use the // pair.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>// This is the start of a comment. The next line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// is a new comment, even though it is logically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// part of the previous comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Shell-style (or perl-style, if you prefer) comments start
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith the character <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> (number sign) and continue to the end of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucephysical line, as in C++ comments.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce># This is the start of a comment. The next line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce# is a new comment, even though it is logically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce# part of the previous comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="warning"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="warning"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="CENTER"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>WARNING: you cannot use the semicolon (`;') character
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce to start a comment such as you would in a zone file. The
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce semicolon indicates the end of a configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="Configuration_File_Grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2. Configuration File Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 configuration consists of statements and comments.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Statements end with a semicolon. Statements and comments are the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce only elements that can appear without enclosing braces. Many
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statements contain a block of substatements, which are also
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce terminated with a semicolon.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following statements are supported:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines a named IP address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematching list, for access control and other uses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>declares control channels to be used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> utility.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>includes a file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>specifies key information for use in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceauthentication and authorization using TSIG.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>specifies what the server logs, and where
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe log messages are sent.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>controls global server configuration
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions and sets defaults for other statements.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sets certain configuration options on
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea per-server basis.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines trusted DNSSEC keys.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines a view.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>defines a zone.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements may only occur once per
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce configuration.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce address_match_list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement assigns a symbolic
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce name to an address match list. It gets its name from a primary
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce use of address match lists: Access Control Lists (ACLs).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Note that an address match list's name must be defined
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> before it can be used elsewhere; no
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce forward references are allowed.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following ACLs are built-in:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches no hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>localhost</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches the IP addresses of all interfaces
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon the system.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>localnets</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches any host on a network for which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe system has an interface.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce inet ( ip_addr | * ) [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> port ip_port </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> address_match_list </I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> key_list </I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> inet ...; </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonNAME="controls_statement_definition_and_usage"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement declares control
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce channels to be used by system administrators to affect the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce operation of the local nameserver. These control channels are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce used by the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> utility to send commands to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce and retrieve non-DNS results from a nameserver.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce socket accessible to the Internet, created at the specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> on the specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. If no port is specified, port 953
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce is used by default. "*" cannot be used for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The ability to issue commands over the control channel is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce restricted by the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clauses. Connections to the control
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce channel are permitted based on the address permissions in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce members of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce ignored, and instead are interpreted independently based the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is allowed to be used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce authenticate commands and responses given over the control
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce channel by digitally signing each message between the server and
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce a command client (See <A
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas Gustafsson>Remote Name Daemon Control application</A
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric LuceHREF="Bv9ARM.ch03.html#admin_tools"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce>Section 3.4.1.2</A
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>). All commands to the control channel
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson must be signed by one of its specified keys to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce be honored.</P
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> clause is not strictly required.
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington If it is not present, then a random key will be generated automatically
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington and placed in a file named <TT
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington usually in <TT
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> but will be wherever
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="varname"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington>localstatedir</TT
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> was specified as when
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="acronym"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> was built. <TT
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington contains a complete <TT
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington configuration and is used by <B
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington cannot find its primary configuration file.</P
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington>Similarly, <TT
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> is generated when
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> statement is present at all. In
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington that situation it will configure a control channel to run on
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington 127.0.0.1.</P
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington>There are two ways to disable the creation of
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington>. One is to ensure that all of your
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> control channels have a <B
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington clause. The other is to have a <B
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> phrases it all. The latter will
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington prevent the creation of any control channel.</P
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> feature was created to
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington ease the transition of systems from <SPAN
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="acronym"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington which did not have digital signatures on its command channel messages
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington and thus did not have a <B
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> clause. Since
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington it is only intended to allow the backward-compatible usage of
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="acronym"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> 8 configuration files, this feature does not
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington have a high degree of configurability. You cannot easily change
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington the key name or the size of the secret, so you should make a
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> with your own key if you wish to change
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington those things. The <TT
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> file also has its
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington permissions set such that only the owner of the file (the user that
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> is running as) can access it. If you
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington desire greater flexibility in allowing other users to access
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> commands then you need to create an
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> and make it group readable by a group
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington that contains the users who should have access.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The UNIX control channel type of <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 is not supported
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
5dccc8b2a55f0222ffda0ff0a981bad4eb0563beAndreas Gustafsson> 9, and is not expected to be added in future
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce releases. If it is present in the controls statement from a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
5dccc8b2a55f0222ffda0ff0a981bad4eb0563beAndreas Gustafsson> 8 configuration file, it is ignored
5dccc8b2a55f0222ffda0ff0a981bad4eb0563beAndreas Gustafsson and a warning is logged.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5dccc8b2a55f0222ffda0ff0a981bad4eb0563beAndreas Gustafsson> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement inserts the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce specified file at the point that the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statement is encountered. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce statement facilitates the administration of configuration files
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce by permitting the reading or writing of some things but not
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce others. For example, the statement could include private keys
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce that are readable only by a nameserver.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce algorithm <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement defines a shared
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonsecret key for use with TSIG, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 4.4</A
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> statement can occur at the top level
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonof the configuration file or inside a <B
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonstatement. Keys defined in top-level <B
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonstatements can be used in all views. Keys intended for use in
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonHREF="Bv9ARM.ch06.html#controls_statement_definition_and_usage"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson>Section 6.2.4</A
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonmust be defined at the top level.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, also known as the
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonkey name, is a domain name uniquely identifying the key. It can
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonbe used in a "server" statement to cause requests sent to that
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonserver to be signed with this key, or in address match lists to
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonverify that incoming requests have been signed with a key
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonmatching this name, algorithm, and secret.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>algorithm_id</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is a string
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonthat specifies a security/authentication algorithm. The only
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonalgorithm currently supported with TSIG authentication is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>hmac-md5</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>secret_string</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the secret to be
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonused by the algorithm, and is treated as a base-64 encoded
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>syslog_facility</I
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>critical</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-category</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-severity</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>category_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel_nam</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement configures a wide
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevariety of logging options for the nameserver. Its <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceassociates output methods, format options and severity levels with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea name that can then be used with the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto select how various classes of messages are logged.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is used to define
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas many channels and categories as are wanted. If there is no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe logging configuration will be:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington category "unmatched" { "null"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce category "default" { "default_syslog"; "default_debug"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9, the logging configuration is only established when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe entire configuration file has been parsed. In <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceestablished as soon as the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewas parsed. When the server is starting up, all logging messages
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceregarding syntax errors in the configuration file go to the default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannels, or to standard error if the "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewas specified.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.10.1. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>All log output goes to one or more <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceyou can make as many of them as you want.</P
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Every channel definition must include a destination clause that
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonsays whether messages selected for the channel go to a file, to a
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonparticular syslog facility, to the standard error stream, or are
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssondiscarded. It can optionally also limit the message severity level
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonthat will be accepted by the channel (the default is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>), and whether to include a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>-generated time stamp, the category name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand/or severity level (the default is not to include any).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> destination clause
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssoncauses all messages sent to the channel to be discarded;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein that case, other options for the channel are meaningless.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> destination clause directs the channel
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonto a disk file. It can include limitations
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceboth on how large the file is allowed to become, and how many versions
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the file will be saved each time the file is opened.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If you use the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> log file option, then
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> will retain that many backup versions of the file by
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonrenaming them when opening. For example, if you choose to keep 3 old versions
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonof the file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> then just before it is opened
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> is renamed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerenamed to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
ed45f92d10a8b4cdb7d2e5523f9f3f1c5f4b7ae4Andreas Gustafsson>versions unlimited;</B
ed45f92d10a8b4cdb7d2e5523f9f3f1c5f4b7ae4Andreas Gustafssonthe number of versions.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
ed45f92d10a8b4cdb7d2e5523f9f3f1c5f4b7ae4Andreas Gustafsson> option is associated with the log file,
ed45f92d10a8b4cdb7d2e5523f9f3f1c5f4b7ae4Andreas Gustafssonthen renaming is only done when the file being opened exceeds the
ed45f92d10a8b4cdb7d2e5523f9f3f1c5f4b7ae4Andreas Gustafssonindicated size. No backup versions are kept by default; any existing
ed45f92d10a8b4cdb7d2e5523f9f3f1c5f4b7ae4Andreas Gustafssonlog file is simply appended.</P
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="command"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> option for files is used to limit log
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssongrowth. If the file ever exceeds the size, then <B
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="command"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonstop writing to the file unless it has a <B
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="command"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonassociated with it. If backup versions are kept, the files are rolled as
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssondescribed above and a new one begun. If there is no
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="command"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> option, no more data will be written to the log
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonuntil some out-of-band mechanism removes or truncates the log to less than the
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonmaximum size. The default behavior is not to limit the size of the
79bc63f0061bf2da3e1775d8c2312c5938cdc9f1Andreas Gustafsson>Example usage of the <B
79bc63f0061bf2da3e1775d8c2312c5938cdc9f1Andreas GustafssonCLASS="command"
79bc63f0061bf2da3e1775d8c2312c5938cdc9f1Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "an_example_channel" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce file "example.log" versions 3 size 20m;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce print-time yes;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce print-category yes;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> destination clause directs the
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonchannel to the system log. Its argument is a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesyslog facility as described in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will handle messages sent to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethis facility is described in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepage. If you have a system which uses a very old version of <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly uses two arguments to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>openlog()</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethen this clause is silently ignored.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause works like <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce"priorities," except that they can also be used if you are writing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestraight to a file rather than using <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceMessages which are not at least of the severity level given will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenot be selected for the channel; messages of higher severity levels
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill be accepted.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If you are using <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, then the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill also determine what eventually passes through. For example,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedefining a channel facility and severity as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly logging <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecause messages of severity <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe dropped. If the situation were reversed, with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemessages of only <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> or higher, then <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprint all messages it received from the channel.</P
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> destination clause directs the
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonchannel to the server's standard error stream. This is intended for
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonuse when the server is running as a foreground process, for example
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonwhen debugging a configuration.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server can supply extensive debugging information when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceit is in debugging mode. If the server's global debug level is greater
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethan zero, then debugging mode will be active. The global debug
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelevel is set either by starting the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> flag followed by a positive integer,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor by running <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rndc trace</B
79bc63f0061bf2da3e1775d8c2312c5938cdc9f1Andreas GustafssonThe global debug level
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan be set to zero, and debugging mode turned off, by running <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. All debugging messages in the server have a debug
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelevel, and higher debug levels give more detailed output. Channels
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat specify a specific debug severity, for example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "specific_debug_level" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce severity debug 3;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will get debugging output of level 3 or less any time the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver is in debugging mode, regardless of the global debugging
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelevel. Channels with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> severity use the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver's global level to determine what messages to print.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has been turned on, then
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe date and time will be logged. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-time</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe specified for a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> channel, but is usually
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepointless since <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> also prints the date and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-category</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is requested, then the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategory of the message will be logged as well. Finally, if <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>print-severity</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon, then the severity level of the message will be logged. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> options may
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe used in any combination, and will always be printed in the following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceorder: time, category, severity. Here is an example where all three <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="computeroutput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>28-Feb-2000 15:05:32.863 general: notice: running</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>There are four predefined channels that are used for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>'s default logging as follows. How they are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused is described in <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#the_category_phrase"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.2.10.2</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "default_syslog" {
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson syslog daemon; // end to syslog's daemon
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson severity info; // only send priority info
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannel "default_debug" {
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson file "named.run"; // write to named.run in
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson // the working directory
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson // Note: stderr is used instead
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson // if the server is started
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson // with the '-f' option.
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson severity dynamic; // log at the server's
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson // current debug level
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafssonchannel "default_stderr" { // writes to stderr
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson severity info; // only send priority info
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechannel "null" {
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson null; // toss anything sent to
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson // this channel
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default_debug</B
7c0ebe385b36d64c2424dd5a3e62d441c08e7037Andreas Gustafsson> channel has the special
7c0ebe385b36d64c2424dd5a3e62d441c08e7037Andreas Gustafssonproperty that it only produces output when the server's debug level is
7c0ebe385b36d64c2424dd5a3e62d441c08e7037Andreas Gustafssonnonzero. It normally writes to a file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
7c0ebe385b36d64c2424dd5a3e62d441c08e7037Andreas Gustafssonin the server's working directory.</P
7c0ebe385b36d64c2424dd5a3e62d441c08e7037Andreas Gustafsson>For security reasons, when the "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecommand line option is used, the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis created only after <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has changed to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenew UID, and any debug output generated while <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestarting up and still running as root is discarded. If you need
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto capture this output, you must run the server with the "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoption and redirect standard error to a file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Once a channel is defined, it cannot be redefined. Thus you
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecannot alter the built-in channels directly, but you can modify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe default logging by pointing categories at channels you have defined.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="the_category_phrase"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.2.10.2. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>There are many categories, so you can send the logs you want
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto see wherever you want, without seeing logs you don't want. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceyou don't specify a list of channels for a category, then log messages
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein that category will be sent to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinstead. If you don't specify a default category, the following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce"default default" is used:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>category "default" { "default_syslog"; "default_debug"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>As an example, let's say you want to log security events to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea file, but you also want keep the default logging behavior. You'd
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecify the following:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>channel "my_security_channel" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce file "my_security_file";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce severity info;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategory "security" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "my_security_channel";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "default_syslog";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "default_debug";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>To discard all messages in a category, specify the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> channel:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>category "xfer-out" { "null"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategory "notify" { "null"; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Following are the available categories and brief descriptions
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the types of log information they contain. More
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecategories may be added in future <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> releases.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The default category defines the logging
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions for those categories where no specific configuration has been
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The catch-all. Many things still aren't
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceclassified into categories, and they all end up here.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Messages relating to the databases used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinternally by the name server to store zone and cache data.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Approval and denial of requests.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Configuration file parsing and processing.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>DNS resolution, such as the recursive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelookups performed on behalf of clients by a caching name server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zone transfers the server is receiving.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zone transfers the server is sending.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The NOTIFY protocol.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Processing of client requests.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonVALIGN="MIDDLE"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington>Messages that named was unable to determine the
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellingtonclass of or for which there was no matching <B
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonA one line summary is also logged to the <B
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonThis category is best sent to a file or stderr, by default it is sent to
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonVALIGN="MIDDLE"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Network operations.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Dynamic updates.</P
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonVALIGN="MIDDLE"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonVALIGN="MIDDLE"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonVALIGN="MIDDLE"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonCLASS="command"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonVALIGN="MIDDLE"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafsson>Dispatching of incoming packets to the
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafssonserver modules where they are to be processed.
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonVALIGN="MIDDLE"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonCLASS="command"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonVALIGN="MIDDLE"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafsson>DNSSEC and TSIG protocol processing.
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonVALIGN="MIDDLE"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonCLASS="command"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafsson>lame-servers</B
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonVALIGN="MIDDLE"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafsson>Lame servers. These are misconfigurations
79bc63f0061bf2da3e1775d8c2312c5938cdc9f1Andreas Gustafssonin remote servers, discovered by BIND 9 when trying to query
79bc63f0061bf2da3e1775d8c2312c5938cdc9f1Andreas Gustafssonthose servers during resolution.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> Statement Grammar</A
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> This is the grammar of the <B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonstatement in the <TT
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="filename"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="programlisting"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="optional"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> listen-on { <TT
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="replaceable"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="optional"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="replaceable"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="optional"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="replaceable"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="optional"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="replaceable"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>] ; ... </SPAN
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="optional"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="replaceable"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="optional"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="replaceable"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>domain_name</I
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="optional"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="replaceable"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson>domain_name</I
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="optional"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="replaceable"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> Statement Definition and Usage</A
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> statement configures the name
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonserver to also act as a lightweight resolver server, see
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>Section 5.2</A
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>. There may be be multiple
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> statements configuring
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonlightweight resolver servers with different properties.</P
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> statement specifies a list of
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonaddresses (and ports) that this instance of a lightweight resolver daemon
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonshould accept requests on. If no port is specified, port 921 is used.
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas GustafssonIf this statement is omitted, requests will be accepted on 127.0.0.1,
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> statement binds this instance of a
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonlightweight resolver daemon to a view in the DNS namespace, so that the
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonresponse will be constructed in the same manner as a normal DNS query
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonmatching this view. If this statement is omitted, the default view is
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonused, and if there is no default view, an error is triggered.</P
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> statement is equivalent to the
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="filename"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>. It provides a list of domains
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonwhich are appended to relative names in queries.</P
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> statement is equivalent to the
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="filename"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>. It indicates the minimum
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonnumber of dots in a relative domain name that should result in an
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonexact match lookup before search path elements are appended.</P
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This is the grammar of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonstatement in the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> version <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>version_string</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> directory <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> named-xfer <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> tkey-domain <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domainname</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> tkey-dhkey <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> dump-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> memstatistics-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> pid-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statistics-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>path_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> zone-statistics <TT
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="replaceable"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> auth-nxdomain <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> deallocate-on-exit <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>dialup_option</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> fake-iquery <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> fetch-glue <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has-old-clients <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> host-statistics <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas Gustafsson> minimal-responses <TT
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas GustafssonCLASS="replaceable"
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> multiple-cnames <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> recursion <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> rfc2308-type1 <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> use-id-pool <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> maintain-ixfr-base <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> forward ( <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> forwarders { <TT
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="optional"
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="replaceable"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>] ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> check-names ( <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luce> response</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson> allow-notify { <TT
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="replaceable"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>address_match_list</I
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-query { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-transfer { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-recursion { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson> allow-v6-synthesis { <TT
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="replaceable"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>address_match_list</I
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> blackhole { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> listen-on [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric Luce> listen-on-v6 [<SPAN
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="optional"
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="replaceable"
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="replaceable"
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric Luce>address_match_list</I
ea91cb523112b44b4d2799ac7eb5e878721f2a59Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> query-source [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> address ( <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> tcp-clients <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> recursive-clients <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson> serial-query-rate <TT
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonCLASS="replaceable"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> serial-queries <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-format <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>( one-answer | many-answers )</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers-per-ns <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> transfer-source (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="constant"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="optional"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> transfer-source-v6 (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="constant"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="optional"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> notify-source (<TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="constant"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> notify-source-v6 (<TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="constant"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> also-notify { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>] ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-ixfr-log-size <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> coresize <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> datasize <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> stacksize <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> cleaning-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> heartbeat-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> interface-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statistics-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
035cd7b5bd983b3845da08680ac311c754809403Andreas Gustafsson> topology { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
035cd7b5bd983b3845da08680ac311c754809403Andreas Gustafsson> sortlist { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
035cd7b5bd983b3845da08680ac311c754809403Andreas Gustafsson> rrset-order { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>order_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>order_spec</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> lame-ttl <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-ncache-ttl <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-cache-ttl <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> sig-validity-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> min-roots <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> use-ixfr <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> treat-cr-as-space <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> min-refresh-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-refresh-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> min-retry-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-retry-time <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas GustafssonCLASS="optional"
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> additional-from-auth <TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> additional-from-cache <TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="optional"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson> random-device <TT
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="replaceable"
e250148432865805a3d2fd0029c02af8a67ff266Andreas GustafssonCLASS="optional"
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafsson> max-cache-size <TT
e250148432865805a3d2fd0029c02af8a67ff266Andreas GustafssonCLASS="replaceable"
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas GustafssonCLASS="optional"
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas Gustafsson> match-mapped-addresses <TT
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
035cd7b5bd983b3845da08680ac311c754809403Andreas Gustafsson> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement sets up global options
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be used by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson>. This statement may appear only
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssononce in a configuration file. If more than one occurrence is found,
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonthe first occurrence determines the actual options used, and a warning
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonwill be generated. If there is no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonstatement, an options block with each option set to its default will
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The version the server should report
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevia a query of name <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is the real version number of this server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>directory</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The working directory of the server.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceAny non-absolute pathnames in the configuration file will be taken
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas relative to this directory. The default location for most server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>) is this directory.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf a directory is not specified, the working directory defaults
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>', the directory from which the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewas started. The directory specified should be an absolute path.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>named-xfer</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="emphasis"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>This option is obsolete.</I
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonIt was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonspecify the pathname to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>named-xfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9, no separate <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>named-xfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceneeded; its functionality is built into the name server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-domain</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The domain appended to the names of all
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshared keys generated with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. When a client
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerequests a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> exchange, it may or may not specify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe desired name for the key. If present, the name of the shared
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekey will be "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>client specified part</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-domain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceOtherwise, the name of the shared key will be "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-domain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>". In most cases,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domainname</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> should be the server's domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tkey-dhkey</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The Diffie-Hellman key used by the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto generate shared keys with clients using the Diffie-Hellman mode
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. The server must be able to load the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepublic and private keys from files in the working directory. In
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemost cases, the keyname should be the server's host name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dump-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The pathname of the file the server dumps
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonthe database to when instructed to do so with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>rndc dumpdb</B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonIf not specified, the default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>memstatistics-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The pathname of the file the server writes memory
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonusage statistics to on exit. If not specified,
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonthe default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
699095b077b0e4e6138b7546d5bb3f05b0d00bb7Andreas Gustafsson>The pathname of the file the server writes its process ID
699095b077b0e4e6138b7546d5bb3f05b0d00bb7Andreas Gustafssonin. If not specified, the default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe pid-file is used by programs that want to send signals to the running
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenameserver.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-file</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The pathname of the file the server appends statistics
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonto when instructed to do so using <B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonIf not specified, the default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonserver's current directory. The format of the file is described
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.15</A
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas GustafssonCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> The UDP/TCP port number the server uses for
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonreceiving and sending DNS protocol traffic.
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas GustafssonThe default is 53. This option is mainly intended for server testing;
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssona server using a port other than 53 will not be able to communicate with
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonthe global DNS.
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas GustafssonCLASS="command"
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafsson> option should be placed at
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonthe beginning of the options block, before
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonany other options that take port numbers or IP addresses,
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonto ensure that the port value takes effect for all addresses
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonused by the server.</P
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="command"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson>random-device</B
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson> The source of entropy to be used by the server. Entropy is primarily needed
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonfor DNSSEC operations, such as TKEY transactions and dynamic update of signed
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonzones. This options specifies the device (or file) from which to read
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonentropy. If this is a file, operations requiring entropy will fail when the
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonfile has been exhausted. If not specified, the default value is
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="filename"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson(or equivalent) when present, and none otherwise. The
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="command"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson>random-device</B
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson> option takes effect during
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonthe initial configuration load at server startup time and
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonis ignored on subsequent reloads.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="boolean_options"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>6.2.14.1. Boolean Options</A
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>auth-nxdomain</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, then the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis always set on NXDOMAIN responses, even if the server is not actually
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceauthoritative. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea change from <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8. If you are using very old DNS software, you
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay need to set it to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>deallocate-on-exit</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 to enable checking
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor memory leaks on exit. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 ignores the option and always performs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe checks.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver treats all zones as if they are doing zone transfers across
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea dial on demand dialup link, which can be brought up by traffic
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoriginating from this server. This has different effects according
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto zone type and concentrates the zone maintenance so that it all
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehappens in a short interval, once every <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>heartbeat-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehopefully during the one call. It also suppresses some of the normal
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone maintenance traffic. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay also be specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonin which case it overrides the global <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>If the zone is a master zone then the server will send out a NOTIFY
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafssonrequest to all the slaves. This will trigger the zone serial number check
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the slave (providing it supports NOTIFY) allowing the slave to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceverify the zone while the connection is active.</P
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonzone is a slave or stub zone, then the server will suppress the regular
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson"zone up to date" (refresh) queries and only perform them when the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>heartbeat-interval</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> expires in addition to sending
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonNOTIFY requests.</P
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>Finer control can be achieved by using
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> which only sends NOTIFY messages,
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>notify-passive</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> which sends NOTIFY messages and
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonsuppresses the normal refresh queries, <TT
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonwhich suppresses normal refresh processing and send refresh queries
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>heartbeat-interval</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="userinput"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> which just disables normal refresh
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>fake-iquery</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> 8, this option was used to
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonenable simulating the obsolete DNS query type
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> 9 never does IQUERY simulation.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>fetch-glue</B
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafsson>This option is obsolete.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafsson>fetch-glue yes</B
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssoncaused the server to attempt to fetch glue resource records it
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssondidn't have when constructing the additional
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssondata section of a response. This is now considered a bad idea
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonand BIND 9 never does it.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>has-old-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option was incorrectly implemented
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8, and is ignored by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas GustafssonTo achieve the intended effect
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>has-old-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe two separate options <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>auth-nxdomain</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>rfc2308-type1</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>host-statistics</B
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafsson>In BIND 8, this enables keeping of
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafssonstatistics for every host that the nameserver interacts with.
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas GustafssonNot implemented in BIND 9.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>maintain-ixfr-base</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="emphasis"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>This option is obsolete</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce It was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 to determine whether a transaction log was
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekept for Incremental Zone Transfer. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 maintains a transaction
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelog whenever possible. If you need to disable outgoing incremental zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetransfers, use <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas Gustafsson>minimal-responses</B
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas GustafssonCLASS="userinput"
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas Gustafsson>, then when generating
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas Gustafssonresponses the server will only add records to the authority and
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas Gustafssonadditional data sections when they are required (e.g. delegations,
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas Gustafssonnegative responses). This may improve the performance of the server.
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas GustafssonThe default is <TT
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas GustafssonCLASS="userinput"
7598325e6bbc3eb3cebcb08c7a9dec7ea4a64c27Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>multiple-cnames</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea domain name to allow multiple CNAME records in violation of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNS standards. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
5dccc8b2a55f0222ffda0ff0a981bad4eb0563beAndreas Gustafsson> 9.2 always strictly
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonenforces the CNAME rules both in master files and dynamic updates.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> (the default),
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNS NOTIFY messages are sent when a zone the server is authoritative for
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Lucechanges, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 3.3</A
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>. The messages are sent to the
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonservers listed in the zone's NS records (except the master server identified
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonin the SOA MNAME field), and to any servers listed in the
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>also-notify</B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="userinput"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>, notifies are sent only to
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonservers explicitly listed using <B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>also-notify</B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="userinput"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>, no notifies are sent.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> option may also be
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonspecified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein which case it overrides the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIt would only be necessary to turn off this option if it caused slaves
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>recursion</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNS query requests recursion, then the server will attempt to do
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonall the work required to answer the query. If recursion is off
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonand the server does not already know the answer, it will return a
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonreferral response. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonNote that setting <B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>recursion no;</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> does not prevent
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonclients from getting data from the server's cache; it only
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonprevents new data from being cached as an effect of client queries.
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCaching may still occur as an effect the server's internal
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonoperation, such as NOTIFY address lookups.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>fetch-glue</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rfc2308-type1</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Setting this to <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecause the server to send NS records along with the SOA record for negative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceanswers. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>use-id-pool</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="emphasis"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>This option is obsolete</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> 9 always allocates query IDs from a pool.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>zone-statistics</B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="userinput"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>, the server will, by default, collect
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyerstatistical data on all zones in the server. These statistics may be accessed
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>, which will dump them to the file listed
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="command"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyer>statistics-file</B
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.15</A
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="emphasis"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>This option is obsolete</I
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonIf you need to disable IXFR to a particular server or servers see
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonthe information on the <B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>provide-ixfr</B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonHREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>Section 6.2.16</A
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonHREF="Bv9ARM.ch04.html#incremental_zone_transfers"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>Section 4.2</A
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>treat-cr-as-space</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyerthe server treat carriage return ("<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyer>") characters the same way
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyeras a space or tab character,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto facilitate loading of zone files on a UNIX system that were generated
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon an NT or DOS machine. In <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9, both UNIX "<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>" newlines are always accepted,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the option is ignored.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>additional-from-auth</B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>additional-from-cache</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> These options control the behavior of an authoritative server when
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonanswering queries which have additional data, or when following CNAME
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonand DNAME chains.
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> When both of these options are set to <TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="userinput"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson(the default) and a
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonquery is being answered from authoritative data (a zone
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonconfigured into the server), the additional data section of the
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonreply will be filled in using data from other authoritative zones
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonand from the cache. In some situations this is undesirable, such
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonas when there is concern over the correctness of the cache, or
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonin servers where slave zones may be added and modified by
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonuntrusted third parties. Also, avoiding
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonthe search for this additional data will speed up server operations
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonat the possible expense of additional queries to resolve what would
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonotherwise be provided in the additional section.
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> For example, if a query asks for an MX record for host <TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="literal"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonand the record found is "<TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="literal"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>", normally the address
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonrecords (A, A6, and AAAA) for <TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="literal"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> will be provided as well,
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonif known. Setting these options to <B
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> disables this behavior.
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> These options are intended for use in authoritative-only
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonservers, or in authoritative-only views. Attempts to set
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> without also specifying
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson>recursion no;</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> will cause the server to
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonignore the options and log a warning message.
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> Specifying <B
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson>additional-from-cache no</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssondisables the use of the cache not only for additional data lookups
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonbut also when looking up the answer. This is usually the desired
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonbehavior in an authoritative-only server where the correctness of
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonthe cached data is an issue.
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> When a name server is non-recursively queried for a name that is not
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonbelow the apex of any served zone, it normally answers with an
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson"upwards referral" to the root servers or the servers of some other
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonknown parent of the query name. Since the data in an upwards referral
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssoncomes from the cache, the server will not be able to provide upwards
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonreferrals when <B
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson>additional-from-cache no</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonhas been specified. Instead, it will respond to such queries
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonwith REFUSED. This should not cause any problems since
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonupwards referrals are not required for the resolution process.
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas GustafssonCLASS="command"
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas Gustafsson>match-mapped-addresses</B
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas GustafssonCLASS="userinput"
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas GustafssonIPv4-mapped IPv6 address will match any address match
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas Gustafssonlist entries that match the corresponding IPv4 address.
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas GustafssonEnabling this option is sometimes useful on IPv6-enabled Linux
1328f25787fcdaacf2dd7b094dcac26342cea341Andreas Gustafssonsystems, to work around a kernel quirk that causes IPv4
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas GustafssonTCP connections such as zone transfers to be accepted
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas Gustafssonon an IPv6 socket using mapped addresses, causing
faf83c82e0825a2e6ce6ac975a8e3faab1357310Andreas Gustafssonaddress match lists designed for IPv4 to fail to match.
1328f25787fcdaacf2dd7b094dcac26342cea341Andreas GustafssonThe use of this option for any other purpose is discouraged.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>6.2.14.2. Forwarding</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The forwarding facility can be used to create a large site-wide
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecache on a few servers, reducing traffic over links to external
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenameservers. It can also be used to allow queries by servers that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedo not have direct access to the Internet, but wish to look up exterior
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenames anyway. Forwarding occurs only on those queries for which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server is not authoritative and does not have the answer in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceits cache.</P
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This option is only meaningful if the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceforwarders list is not empty. A value of <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe default, causes the server to query the forwarders first, and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif that doesn't answer the question the server will then look for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe answer itself. If <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is specified, the
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonserver will only query the forwarders.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies the IP addresses to be used
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonfor forwarding. The default is the empty list (no forwarding).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Forwarding can also be configured on a per-domain basis, allowing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the global forwarding options to be overridden in a variety
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof ways. You can set particular domains to use different forwarders,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor have a different <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luceor not forward at all, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_statement_grammar"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>Section 6.2.21</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="access_control"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>6.2.14.3. Access Control</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Access to the server can be restricted based on the IP address
c71787bd6356c92e9c7d0a174cd63ab17fcf34c6Eric Luceof the requesting system. See <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#address_match_lists"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.1.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedetails on how to specify IP address lists.</P
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>allow-notify</B
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>Specifies which hosts are allowed to
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafssonnotify slaves of a zone change in addition to the zone masters.
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>allow-notify</B
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson> may also be specified in the
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson> statement, in which case it overrides the
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>options allow-notify</B
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson> statement. It is only meaningful
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafssonfor a slave zone. If not specified, the default is to process notify messages
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafssononly from a zone's master.</P
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceask ordinary questions. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, in which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecase it overrides the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenot specified, the default is to allow queries from all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-recursion</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemake recursive queries through this server. If not specified, the
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssondefault is to allow recursive queries from all hosts.
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonNote that disallowing recursive queries for a host does not prevent the
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonhost from retrieving data that is already in the server's cache.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>allow-v6-synthesis</B
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>Specifies which hosts are to receive
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonsynthetic responses to IPv6 queries as described in
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.13</A
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereceive zone transfers from the server. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucealso be specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, in which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecase it overrides the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf not specified, the default is to allow transfers from all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>blackhole</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies a list of addresses that the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver will not accept queries from or use to resolve a query. Queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefrom these addresses will not be responded to. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>6.2.14.4. Interfaces</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The interfaces and ports that the server will answer queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefrom may be specified using the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean optional port, and an <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe server will listen on all interfaces allowed by the address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucematch list. If a port is not specified, port 53 will be used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements are allowed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example,</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on { 5.6.7.8; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will enable the nameserver on port 53 for the IP address
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson5.6.7.8, and on port 1234 of an address on the machine in net
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson1.2 that is not 1.2.3.4.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is specified, the
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonserver will listen on port 53 on all interfaces.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option is used to
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonspecify the ports on which the server will listen for incoming
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonqueries sent using IPv6.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server does not bind a separate socket to each IPv6
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssoninterface address as it does for IPv4. Instead, it always
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonlistens on the IPv6 wildcard address. Therefore, the only
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonvalues allowed for the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonargument to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ any; }</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ none;}</PRE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> options can be
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonused to listen on multiple ports:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6 port 53 { any; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelisten-on-v6 port 1234 { any; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>To make the server not listen on any IPv6 address, use</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on-v6 { none; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>listen-on-v6</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> statement is specified,
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonthe server will not listen on any IPv6 address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>6.2.14.5. Query Address</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If the server doesn't know the answer to a question, it will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequery other nameservers. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe address and port used for such queries. For queries sent over
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIPv6, there is a separate <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> or is omitted,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea wildcard IP address (<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>INADDR_ANY</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>) will be used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> or is omitted,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea random unprivileged port will be used. The defaults are</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source address * port *;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequery-source-v6 address * port *
699095b077b0e4e6138b7546d5bb3f05b0d00bb7Andreas Gustafsson>The address specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>query-source</B
699095b077b0e4e6138b7546d5bb3f05b0d00bb7Andreas Gustafssonis used for both UDP and TCP queries, but the port applies only to
699095b077b0e4e6138b7546d5bb3f05b0d00bb7Andreas GustafssonUDP queries. TCP queries always use a random
699095b077b0e4e6138b7546d5bb3f05b0d00bb7Andreas Gustafssonunprivileged port.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>6.2.14.6. Zone Transfers</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has mechanisms in place to facilitate zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand set limits on the amount of load that transfers place on the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesystem. The following options apply to zone transfers.</P
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>Defines a global list of IP addresses of name servers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat are also sent NOTIFY messages whenever a fresh copy of the
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonzone is loaded, in addition to the servers listed in the zone's NS records.
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonThis helps to ensure that copies of the zones will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequickly converge on stealth servers. If an <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis given in a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, it will override
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>options also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. When a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, the IP addresses in the global <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenot be sent NOTIFY messages for that zone. The default is the empty
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist (no global notification list).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Inbound zone transfers running longer than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethis many minutes will be terminated. The default is 120 minutes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(2 hours).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Inbound zone transfers making no progress
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein this many minutes will be terminated. The default is 60 minutes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Outbound zone transfers running longer than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethis many minutes will be terminated. The default is 120 minutes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(2 hours).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Outbound zone transfers making no progress
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Lucein this many minutes will be terminated. The default is 60 minutes (1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson>serial-query-rate</B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson>Slave servers will periodically query master servers
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonto find out if zone serial numbers have changed. Each such query uses
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssona minute amount of the slave server's network bandwidth. To limit the
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonamount of bandwith used, BIND 9 limits the rate at which queries are
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonsent. The value of the <B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonCLASS="command"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson>serial-query-rate</B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonan integer, is the maximum number of queries sent per second.
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonThe default is 20.
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>serial-queries</B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson>In BIND 8, the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>serial-queries</B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonset the maximum number of concurrent serial number queries
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonallowed to be outstanding at any given time.
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonBIND 9 does not limit the number of outstanding
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafssonserial queries and ignores the <B
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas GustafssonCLASS="command"
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafsson>serial-queries</B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonInstead, it limits the rate at which the queries are sent
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonas defined using the <B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonCLASS="command"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson>serial-query-rate</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> Zone transfers can be sent using two different formats,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>one-answer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson>transfer-format</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> option is used
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonon the master server to determine which format it sends.
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> uses one DNS message per
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonresource record transferred.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> packs as many resource records as
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonpossible into a message. <B
9ffd207c48e20881634d91210885c0a177124ca9Andreas GustafssonCLASS="command"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson>many-answers</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonefficient, but is only supported by relatively new slave servers,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonversions of <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafsson> 4.9.5. The default is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
9ffd207c48e20881634d91210885c0a177124ca9Andreas Gustafssonmay be overridden on a per-server basis by using the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of inbound zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat can be running concurrently. The default value is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIncreasing <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> may speed up the convergence
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof slave zones, but it also may increase the load on the local system.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of outbound zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat can be running concurrently. Zone transfer requests in excess
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the limit will be refused. The default value is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of inbound zone transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat can be concurrently transferring from a given remote nameserver.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default value is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. Increasing <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespeed up the convergence of slave zones, but it also may increase
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe load on the remote nameserver. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe overridden on a per-server basis by using the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich local address will be bound to IPv4 TCP connections used to
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonfetch zones transferred inbound by the server. It also determines
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonthe source IPv4 address, and optionally the UDP port, used for the
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonrefresh queries and forwarded dynamic updates. If not set, it defaults
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto a system controlled value which will usually be the address of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe interface "closest to" the remote end. This address must appear
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the remote end's <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe zone being transferred, if one is specified. This statement
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> for all zones, but can
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonbe overridden on a per-view or per-zone basis by including a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> statement within the
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the configuration file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source-v6</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The same as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexcept zone transfers are performed using IPv6.</P
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source</B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonwhich local source address, and optionally UDP port, will be used to
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonsend NOTIFY messages.
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonThis address must appear in the slave server's <B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafssonzone clause or in an <B
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>allow-notify</B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonThis statement sets the <B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source</B
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> for all zones,
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssonbut can be overridden on a per-zone / per-view basis by including a
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source</B
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> statement within the <B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> block in the configuration file.</P
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source-v6</B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonbut applies to notify messages sent to IPv6 addresses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.7. Operating System Resource Limits</A
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson>The server's usage of many system resources can be limited.
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonScaled values are allowed when specifying resource limits. For
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> can be used instead of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>1073741824</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> to specify a limit of one
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</B
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> requests unlimited use, or the
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonmaximum available amount. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> uses the limit
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonthat was in force when the server was started. See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>size_spec</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#configuration_file_elements"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 6.1</A
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>The following options set operating system resource limits for
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonthe name server process. Some operating systems don't support some or
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonany of the limits. On such systems, a warning will be issued if the
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonunsupported limit is used.</P
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum size of a core dump. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum amount of data memory the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay use. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonThis is a hard limit on server memory usage.
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonIf the server attempts to allocate memory in excess of this
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonlimit, the allocation will fail, which may in turn leave
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonthe server unable to perform DNS service. Therefore,
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonthis option is rarely useful as a way of limiting the
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonamount of memory used by the server, but it can be used
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonto raise an operating system data size limit that is
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssontoo small by default. If you wish to limit the amount
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonof memory used by the server, use the
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonCLASS="command"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>max-cache-size</B
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonCLASS="command"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>recursive-clients</B
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonoptions instead.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of files the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemay have open concurrently. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>unlimited</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>The maximum amount of stack memory the server
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonmay use. The default is <TT
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonCLASS="literal"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.8. Server Resource Limits</A
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>The following options set limits on the server's
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonresource consumption that are enforced internally by the
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonserver rather than the operating system.</P
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>max-ixfr-log-size</B
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>This option is obsolete; it is accepted
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonand ignored for BIND 8 compatibility.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>recursive-clients</B
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>The maximum number of simultaneous recursive lookups
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonthe server will perform on behalf of clients. The default is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>. Because each recursing clients uses a fair
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonbit of memory, on the order of 20 kilobytes, the value of the
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonCLASS="command"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>recursive-clients</B
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson> option may have to be decreased
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonon hosts with limited memory.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>tcp-clients</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum number of simultaneous client TCP
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafssonconnections that the server will accept.
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas GustafssonThe default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
e250148432865805a3d2fd0029c02af8a67ff266Andreas GustafssonCLASS="command"
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafsson>max-cache-size</B
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafsson>The maximum amount of memory to use for the
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafssonserver's cache, in bytes. When the amount of data in the cache
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafssonreaches this limit, the server will cause records to expire
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafssonprematurely so that the limit is not exceeded. In a server with
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafssonmultiple views, the limit applies separately to the cache of each
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafssonview. The default is <TT
e250148432865805a3d2fd0029c02af8a67ff266Andreas GustafssonCLASS="literal"
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafsson>, meaning that
e250148432865805a3d2fd0029c02af8a67ff266Andreas Gustafssonrecords are purged from the cache only when their TTLs expire.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.9. Periodic Task Intervals</A
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>cleaning-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server will remove expired resource records
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefrom the cache every <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>cleaning-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is 60 minutes.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf set to 0, no periodic cleaning will occur.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>heartbeat-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server will perform zone maintenance tasks
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonfor all zones marked as <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> whenever this
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinterval expires. The default is 60 minutes. Reasonable values are up
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto 1 day (1440 minutes). If set to 0, no zone maintenance for these zones will occur.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>interface-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server will scan the network interface list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>interface-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> minutes. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis 60 minutes. If set to 0, interface scanning will only occur when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe configuration file is loaded. After the scan, listeners will be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestarted on any new interfaces (provided they are allowed by the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>listen-on</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration). Listeners on interfaces
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat have gone away will be cleaned up.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Nameserver statistics will be logged
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>statistics-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> minutes. The default is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce60. If set to 0, no statistics will be logged.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="topology"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.10. Topology</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>All other things being equal, when the server chooses a nameserver
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto query from a list of nameservers, it prefers the one that is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetopologically closest to itself. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> and interprets it
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein a special way. Each top-level list element is assigned a distance.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNon-negated elements get a distance based on their position in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist, where the closer the match is to the start of the list, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshorter the distance is between it and the server. A negated match
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill be assigned the maximum distance from the server. If there
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis no match, the address will get a distance which is further than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceany non-negated list element, and closer than any negated element.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceFor example,</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will prefer servers on network 10 the most, followed by hosts
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexception of hosts on network 1.2.3 (netmask 255.255.255.0), which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis preferred least of all.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The default topology is</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> topology { localhost; localnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonis not implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="the_sortlist_statement"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.11. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement</A
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson>The response to a DNS query may consist of multiple resource
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonrecords (RRs) forming a resource records set (RRset).
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonThe name server will normally return the
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonRRs within the RRset in an indeterminate order
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson(but see the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafsson>rrset-order</B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonstatement in <A
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonHREF="Bv9ARM.ch06.html#rrset_ordering"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.12</A
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonThe client resolver code should rearrange the RRs as appropriate,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat is, using any addresses on the local net in preference to other addresses.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHowever, not all resolvers can do this or are correctly configured.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWhen a client is using a local server the sorting can be performed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the server, based on the client's address. This only requires
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconfiguring the nameservers, not all the clients.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement (see below) takes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>address_match_list</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> and interprets it even
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemore specifically than the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.10</A
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonEach top level statement in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceitself be an explicit <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceone or two elements. The first element (which may be an IP address,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean IP prefix, an ACL name or a nested <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof each top level list is checked against the source address of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe query until a match is found.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Once the source address of the query has been matched, if
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe top level statement contains only one element, the actual primitive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceelement that matched the source address is used to select the address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the response to move to the beginning of the response. If the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestatement is a list of two elements, then the second element is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetreated the same as the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. Each top level element
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis assigned a distance and the address in the response with the minimum
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedistance is moved to the beginning of the response.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>In the following example, any queries received from any of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe addresses of the host itself will get responses preferring addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon any of the locally connected networks. Next most preferred are addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon the 192.168.1/24 network, and after that either the 192.168.2/24
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce192.168.3/24 network with no preference shown between these two
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenetworks. Queries received from a host on the 192.168.1/24 network
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill prefer other addresses on that network to the 192.168.2/24
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce192.168.3/24 networks. Queries received from a host on the 192.168.4/24
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor the 192.168.5/24 network will only prefer other addresses on
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetheir directly connected networks.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { localhost; // IF the local host
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { localnets; // THEN first fit on the
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { 192.168.1/24; // IF on class C 192.168.1
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { 192.168.1/24; // THEN use .1, or .2 or .3
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { 192.168.2/24; // IF on class C 192.168.2
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { 192.168.2/24; // THEN use .2, or .1 or .3
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { 192.168.3/24; // IF on class C 192.168.3
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { 192.168.3/24; // THEN use .3, or .1 or .2
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following example will give reasonable behavior for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelocal host and hosts on directly connected networks. It is similar
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto the behavior of the address sort in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
4e243fdc6b33a6371208b48d64912d8e327b4f5cAndreas Gustafsson> 4.9.x. Responses sent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto queries from the local host will favor any of the directly connected
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenetworks. Responses sent to queries from any other hosts on a directly
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconnected network will prefer addresses on that same network. Responses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto other queries will not be sorted.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce { localhost; localnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce { localnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="rrset_ordering"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.12. RRset Ordering</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>When multiple records are returned in an answer it may be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuseful to configure the order of the records placed into the response.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement permits configuration
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonof the ordering of the records in a multiple record response.
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonSee also the <B
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonCLASS="command"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonHREF="Bv9ARM.ch06.html#the_sortlist_statement"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.11</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>order_spec</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is defined as follows:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>class_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>type_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>"domain_name"</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If no class is specified, the default is <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf no type is specified, the default is <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf no name is specified, the default is "<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The legal values for <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Records are returned in the order they
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare defined in the zone file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Records are returned in some random order.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Records are returned in a round-robin
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce class IN type A name "host.example.com" order random;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce order cyclic;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>will cause any responses for type A records in class IN that
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>" as a suffix, to always be returned
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein random order. All other records are returned in cyclic order.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If multiple <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements appear,
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonthey are not combined — the last one applies.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas GustafssonBIND 9 currently supports only a "random-cyclic" ordering,
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonwhere the server randomly chooses a starting point within
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonthe RRset and returns the records in order starting at
6c6af6107a75ce28a0af57851dca3c87b042ab4aAndreas Gustafssonthat point, wrapping around the end of the RRset if
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonNAME="synthesis"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.13. Synthetic IPv6 responses</A
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>Many existing stub resolvers support IPv6 DNS lookups as defined in
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonRFC1886, using AAAA records for forward lookups and "nibble labels" in
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="literal"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson> domain for reverse lookups, but do not support
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonRFC2874-style lookups (using A6 records and binary labels in the
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="literal"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>For those who wish to continue to use such stub resolvers rather than
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonswitching to the BIND 9 lightweight resolver, BIND 9 provides a way
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonto automatically convert RFC1886-style lookups into
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonRFC2874-style lookups and return the results as "synthetic" AAAA and
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonPTR records.</P
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>This feature is disabled by default and can be enabled on a per-client
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonbasis by adding a
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="command"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>allow-v6-synthesis { <TT
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="replaceable"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>address_match_list</I
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonclause to the <B
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="command"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="command"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson When it is enabled, recursive
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonAAAA queries cause the server to first try an A6 lookup and if that
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonfails, an AAAA lookups. No matter which one succeeds, the results are
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonreturned as a set of synthetic AAAA records. Similarly, recursive PTR
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="literal"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="literal"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonlabels, and if that fails, another lookup in <TT
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="literal"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonThe results are returned as a synthetic PTR record in
3d9b2687475344a87c377a5158c41b43a03fc443Andreas GustafssonCLASS="literal"
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafsson>The synthetic records have a TTL of zero. DNSSEC validation of
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonsynthetic responses is not currently supported; therefore responses
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssoncontaining synthetic RRs will not have the AD flag set.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="tuning"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.14. Tuning</A
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Sets the number of seconds to cache a
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Lucelame server indication. 0 disables caching. (This is
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric LuceCLASS="emphasis"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce> recommended.)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDefault is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> (10 minutes). Maximum value is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce> (30 minutes).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>To reduce network traffic and increase performance
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe server stores negative answers. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused to set a maximum retention time for these answers in the server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein seconds. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
fafd1d771905532e8dc3efa2ce90ce4c9e74af61Eric Luce> seconds (3 hours).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-ncache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> cannot exceed 7 days and will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe silently truncated to 7 days if set to a greater value.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-cache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-cache-ttl</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe maximum time for which the server will cache ordinary (positive)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceanswers. The default is one week (7 days).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>min-roots</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The minimum number of root servers that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis required for a request for the root servers to be accepted. Default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Not yet implemented in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sig-validity-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies the number of days into the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefuture when DNSSEC signatures automatically generated as a result
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof dynamic updates (<A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch04.html#dynamic_update"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 4.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill expire. The default is <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> days. The signature
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinception time is unconditionally set to one hour before the current time
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto allow for a limited amount of clock skew.</P
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>min-refresh-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>max-refresh-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>min-retry-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>max-retry-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson> These options control the server's behavior on refreshing a zone
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson(querying for SOA changes) or retrying failed transfers.
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonUsually the SOA values for the zone are used, but these values
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafssonare set by the master, giving slave server administrators little
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafssoncontrol over their contents.
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson> These options allow the administrator to set a minimum and maximum
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafssonrefresh and retry time either per-zone, per-view, or per-server.
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonThese options are valid for master, slave and stub zones,
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafssonand clamp the SOA refresh and retry times to the specified values.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonNAME="statsfile"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>6.2.14.15. The Statistics File</A
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>The statistics file generated by <SPAN
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="acronym"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonis similar, but not identical, to that
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssongenerated by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>The statistics dump begins with the line <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>+++ Statistics Dump
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson+++ (973798949)</B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>, where the number in parentheses is a standard
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonUnix-style timestamp, measured as seconds since January 1, 1970. Following
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonthat line are a series of lines containing a counter type, the value of the
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssoncounter, optionally a zone name, and optionally a view name.
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonThe lines without view and zone listed are global statistics for the entire server.
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonLines with a zone and view name for the given view and zone (the view name is
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonomitted for the default view). The statistics dump ends
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonwith the line <B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>--- Statistics Dump --- (973798949)</B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonnumber is identical to the number in the beginning line.</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>The following statistics counters are maintained:</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="informaltable"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCELLPADDING="3"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="CALSTABLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonsuccessful queries made to the server or zone. A successful query
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonis defined as query which returns a NOERROR response other than
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssona referral response.</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>The number of queries which resulted
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonin referral responses.</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>The number of queries which resulted in
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonNOERROR responses with no data.</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonof queries which resulted in NXDOMAIN responses.</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>The number of queries which caused the server
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonto perform recursion in order to find the final answer.</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="command"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonVALIGN="MIDDLE"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>The number of queries which resulted in a
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonfailure response other than those above.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="server_statement_grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas Gustafsson> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> provide-ixfr <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> request-ixfr <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>yes_or_no</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonCLASS="replaceable"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfers <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-format <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>( one-answer | many-answers )</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>{ string ; [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> string ; [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="server_statement_definition_and_usage"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> statement defines characteristics
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be associated with a remote nameserver.</P
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> statement can occur at the top level of the
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonconfiguration file or inside a <B
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> statement contains
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> statements, only those
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonapply to the view and any top-level ones are ignored.
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonIf a view contains no <B
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafssonany top-level <B
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas GustafssonCLASS="command"
873355df80e292cfdd67b9482f1846e2bc9b423eAndreas Gustafsson> statements are used as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If you discover that a remote server is giving out bad data,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemarking it as bogus will prevent further queries to it. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause determines whether
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe local server, acting as master, will respond with an incremental
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone transfer when the given remote server, a slave, requests it.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, incremental transfer will be provided
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhenever possible. If set to <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, all transfers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto the remote server will be nonincremental. If not set, the value
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>provide-ixfr</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> option in the global options block
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis used as a default.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>request-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause determines whether
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe local server, acting as a slave, will request incremental zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetransfers from the given remote server, a master. If not set, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevalue of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>request-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option in the global
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions block is used as a default.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>IXFR requests to servers that do not support IXFR will automatically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefall back to AXFR. Therefore, there is no need to manually list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich servers support IXFR and which ones do not; the global default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> should always work.
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas GustafssonThe purpose of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provide-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>request-ixfr</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto make it possible to disable the use of IXFR even when both master
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand slave claim to support it, for example if one of the servers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis buggy and crashes or corrupts data when IXFR is used.</P
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonCLASS="command"
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafsson> clause determines whether the local server
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas Gustafssonwill attempt to use EDNS when communicating with the remote server. The
3ba6d0298ae3414ab12f1a6ae35e14b119f4311eAndreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server supports two zone transfer methods. The first, <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>one-answer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuses one DNS message per resource record transferred. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas many resource records as possible into a message. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>many-answers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemore efficient, but is only known to be understood by <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 4.9.5. You can specify which method
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto use for a server with the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>transfer-format</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>transfer-format</B
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> is not specified, the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-format</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement will be used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is used to limit the number of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconcurrent inbound zone transfers from the specified server. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause is specified, the limit is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceset according to the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfers-per-ns</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause is used to identify a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, to be used for transaction
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesecurity when talking to the remote server. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemust come before the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement that references
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceit. When a request is sent to the remote server, a request signature
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill be generated using the key specified here and appended to the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemessage. A request originating from the remote server is not required
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be signed by this key.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Although the grammar of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceallows for multiple keys, only a single key per server is currently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesupported.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement defines DNSSEC
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesecurity roots. DNSSEC is described in <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section 4.7</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. A security root is defined when the public key for a non-authoritative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone is known, but cannot be securely obtained through DNS, either
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebecause it is the DNS root zone or its parent zone is unsigned.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceOnce a key has been configured as a trusted key, it is treated as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif it had been validated and proven secure. The resolver attempts
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDNSSEC validation on all DNS data in subdomains of a security root.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>trusted-keys</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement can contain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemultiple key entries, each consisting of the key's domain name,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceflags, protocol, algorithm, and the base-64 representation of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view_name</I
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce match-clients { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson match-destinations { <TT
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonCLASS="replaceable"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson>address_match_list</I
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson match-recursive-only { <TT
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view_option</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> zone-statistics <TT
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="replaceable"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone_statement</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is a powerful new feature
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 that lets a name server answer a DNS query differently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedepending on who is asking. It is particularly useful for implementing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesplit DNS setups without having to run multiple servers.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement defines a view of the
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonDNS namespace that will be seen by a subset of clients. A client matches
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafssona view if its source IP address matches the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</TT
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> of the view's
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>match-clients</B
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> clause and its destination IP address matches
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonCLASS="varname"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson>address_match_list</TT
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> of the view's
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson>match-destinations</B
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> clause. If not specified, both
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson>match-clients</B
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson>match-destinations</B
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafssondefault to matching all addresses. A view can also be specified
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson>match-recursive-only</B
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson>, which means that only recursive
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonrequests from matching clients will match that view.
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas GustafssonThe order of the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> statements is significant —
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssona client request will be resolved in the context of the first
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> that it matches.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Zones defined within a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe only be accessible to clients that match the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce By defining a zone of the same name in multiple views, different
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone data can be given to different clients, for example, "internal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand "external" clients in a split DNS setup.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Many of the options given in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan also be used within a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement, and then
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonapply only when resolving queries with that view. When no view-specific
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucevalue is given, the value in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis used as a default. Also, zone options can have default values specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement; these view-specific defaults
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetake precedence over those in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Views are class specific. If no class is given, class IN
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonis assumed. Note that all non-IN views must contain a hint zone,
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonsince only the IN class has compiled-in default hints.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If there are no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> statements in the config
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafssonfile, a default view that matches any client is automatically created
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafssonin class IN, and any <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> statements specified on
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafssonthe top level of the configuration file are considered to be part of
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafssonthis default view. If any explicit <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare present, all <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
e1ad5fdd33cb05f65b06825e7b1bcfb720879289Andreas Gustafsson> statements must occur inside
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Here is an example of a typical split DNS setup implemented
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statements.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>view "internal" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // This should match our internal networks.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce match-clients { 10.0.0.0/8; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Provide recursive service to internal clients only.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce recursion yes;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Provide a complete view of the example.com zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // including addresses of internal hosts.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceview "external" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce match-clients { any; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Refuse recursive service to external clients.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce recursion no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // Provide a restricted view of the example.com zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // containing only publicly accessible hosts.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="zone_statement_grammar"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceStatement Grammar</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone_name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type ( master | slave | hint | stub | forward ) ;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson> allow-notify { <TT
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="replaceable"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>address_match_list</I
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-query { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-transfer { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-update { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> update-policy { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update_policy_rule</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] } ; </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> allow-update-forwarding { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>address_match_list</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> also-notify { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>] ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> check-names (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson>dialup_option</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> forward (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson> forwarders { <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="optional"
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="replaceable"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>] ; ... </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> ixfr-base <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> ixfr-tmp-file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> maintain-ixfr-base <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> masters [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="optional"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] } ; </SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-ixfr-log-size <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-idle-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-in <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> max-transfer-time-out <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-source (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="optional"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> transfer-source-v6 (<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="constant"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="optional"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> notify-source (<TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="constant"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> notify-source-v6 (<TT
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="constant"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="replaceable"
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="optional"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> zone-statistics <TT
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="replaceable"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> sig-validity-interval <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="optional"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyer> database <TT
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="replaceable"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="optional"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson> min-refresh-time <TT
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="replaceable"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="optional"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson> max-refresh-time <TT
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="replaceable"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="optional"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson> min-retry-time <TT
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="replaceable"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="optional"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson> max-retry-time <TT
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Statement Definition and Usage</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>6.2.22.1. Zone Types</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The server has a master copy of the data
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the zone and will be able to provide authoritative answers for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A slave zone is a replica of a master
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> list specifies one or more IP addresses
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonof master servers that the slave contacts to update its copy of the zone.
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonBy default, transfers are made from port 53 on the servers; this can
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonbe changed for all servers by specifying a port number before the
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonlist of IP addresses, or on a per-server basis after the IP address.
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonAuthentication to the master can also be done with per-server TSIG keys.
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonIf a file is specified, then the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereplica will be written to this file whenever the zone is changed,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand reloaded from this file on a server restart. Use of a file is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerecommended, since it often speeds server start-up and eliminates
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea needless waste of bandwidth. Note that for large numbers (in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetens or hundreds of thousands) of zones per server, it is best to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceuse a two level naming scheme for zone file names. For example,
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafssona slave server for the zone <TT
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> might place
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe zone contents into a file called
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucejust the first two letters of the zone name. (Most operating systems
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebehave very slowly if you put 100K files into a single directory.)</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A stub zone is similar to a slave zone,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexcept that it replicates only the NS records of a master zone instead
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the entire zone. Stub zones are not a standard part of the DNS;
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonthey are a feature specific to the <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson> implementation.
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson>Stub zones can be used to eliminate the need for glue NS record
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonin a parent zone at the expense of maintaining a stub zone entry and
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssona set of name server addresses in <TT
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="filename"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonThis usage is not recommended for new configurations, and BIND 9
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonsupports it only in a limited way.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson> 4/8, zone transfers of a parent zone
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonincluded the NS records from stub children of that zone. This meant
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonthat, in some cases, users could get away with configuring child stubs
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssononly in the master server for the parent zone. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson9 never mixes together zone data from different zones in this
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonway. Therefore, if a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson> 9 master serving a parent
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonzone has child stub zones configured, all the slave servers for the
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonparent zone also need to have the same child stub zones
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafsson>Stub zones can also be used as a way of forcing the resolution
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonof a given domain to use a particular set of authoritative servers.
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonFor example, the caching name servers on a private network using
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonRFC2157 addressing may be configured with stub zones for
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas GustafssonCLASS="literal"
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonto use a set of internal name servers as the authoritative
c60793c77f6b6b8b66ad57c73cd7eb67e8d7ff6fAndreas Gustafssonservers for that domain.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A "forward zone" is a way to configure
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceforwarding on a per-domain basis. A <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> can contain a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich will apply to queries within the domain given by the zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename. If no <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement is present or
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean empty list for <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is given, then no
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceforwarding will be done for the domain, cancelling the effects of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceany forwarders in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement. Thus
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif you want to use this type of zone to change the behavior of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> option (that is, "forward first
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto", then "forward only", or vice versa, but want to use the same
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservers as set globally) you need to respecify the global forwarders.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The initial set of root nameservers is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified using a "hint zone". When the server starts up, it uses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe root hints to find a root nameserver and get the most recent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelist of root nameservers. If no hint zone is specified for class
da4cfd494c1f8d612c7e1d5407567686b326e511Andreas GustafssonIN, the server uses a compiled-in default set of root servers hints.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceClasses other than IN have no built-in defaults hints.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>6.2.22.2. Class</A
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson>The zone's name may optionally be followed by a class. If
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafssona class is not specified, class <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Internet</TT
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafssonis assumed. This is correct for the vast majority of cases.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenamed for an information service from MIT's Project Athena. It is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused to share information about various systems databases, such
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceas users, groups, printers and so on. The keyword
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea synonym for hesiod.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Another MIT development is CHAOSnet, a LAN protocol created
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the mid-1970s. Zone data for it can be specified with the <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>6.2.22.3. Zone Options</A
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>allow-notify</B
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>See the description of
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>allow-notify</B
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonHREF="Bv9ARM.ch06.html#access_control"
f1fd37f759991616d454ce371a2390da45141593Andreas Gustafsson>Section 6.2.14.3</A
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-query</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#access_control"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.3</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-transfer</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#access_control"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.3</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesubmit Dynamic DNS updates for master zones. The default is to deny
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceupdates from all hosts.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies a "Simple Secure Update" policy. See
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#dynamic_update_policies"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>Section 6.2.22.4</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update-forwarding</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Specifies which hosts are allowed to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesubmit Dynamic DNS updates to slave zones to be forwarded to the
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonmaster. The default is <TT
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="userinput"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonmeans that no update forwarding will be performed. To enable
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonupdate forwarding, specify
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="userinput"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>allow-update-forwarding { any; };</B
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonSpecifying values other than <TT
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="userinput"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonCLASS="userinput"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson> is usually counterproductive, since
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonthe responsibility for update access control should rest with the
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonmaster server, not the slaves.</P
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>Note that enabling the update forwarding feature on a slave server
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonmay expose master servers relying on insecure IP address based
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonaccess control to attacks; see <A
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas GustafssonHREF="Bv9ARM.ch07.html#dynamic_update_security"
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafsson>Section 7.3</A
6b35c2fec9938cbd4cc39f2d054086d8af3c343dAndreas Gustafssonfor more details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Only meaningful if <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceactive for this zone. The set of machines that will receive a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>DNS NOTIFY</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor this zone is made up of all the listed nameservers (other than
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe primary master) for the zone plus any IP addresses specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>. A port may be specified
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonCLASS="command"
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson>also-notify</B
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafsson> address to send the notify
027e89d47af308db4b41761ca9f847c026b63ec8Andreas Gustafssonmessages to a port other than the default of 53.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>also-notify</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is not meaningful for stub zones.
027e89d47af308db4b41761ca9f847c026b63ec8Andreas GustafssonThe default is the empty list.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>check-names</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> This option was used in BIND 8 to restrict the character set of
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssondomain names in master files and/or DNS responses received from the
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonnetowrk. BIND 9 does not restrict the character set of domain names
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonand does not implement the <B
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>check-names</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Specify the type of database to be used for storing the
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonzone data. The string following the <B
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonis interpreted as a list of whitespace-delimited words. The first word
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonidentifies the database type, and any subsequent words are passed
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonas arguments to the database to be interpreted in a way specific
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonto the database type.</P
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>The default is <TT
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="userinput"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>, BIND 9's native in-memory
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonred-black-tree database. This database does not take arguments.</P
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Other values are possible if additional database drivers
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonhave been linked into the server. Some sample drivers are included
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafssonwith the distribution but none are linked in by default.</P
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#boolean_options"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>Section 6.2.14.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Only meaningful if the zone has a forwarders
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> value causes the lookup to fail
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceafter trying the forwarders and getting no answer, while <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceallow a normal lookup to be tried.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>forwarders</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Used to override the list of global forwarders.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf it is not specified in a zone of type <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceno forwarding is done for the zone; the global options are not used.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>ixfr-base</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Was used in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8 to specify the name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the transaction log (journal) file for dynamic update and IXFR.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 ignores the option and constructs the name of the journal
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafssonfile by appending "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>" to the name of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
c6433f2b214f49e691d126b7276980c20f74b6bbAndreas Gustafsson>ixfr-tmp-file</B
c6433f2b214f49e691d126b7276980c20f74b6bbAndreas Gustafsson>Was an undocumented option in <SPAN
c6433f2b214f49e691d126b7276980c20f74b6bbAndreas GustafssonCLASS="acronym"
c6433f2b214f49e691d126b7276980c20f74b6bbAndreas GustafssonIgnored in <SPAN
c6433f2b214f49e691d126b7276980c20f74b6bbAndreas GustafssonCLASS="acronym"
c6433f2b214f49e691d126b7276980c20f74b6bbAndreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-in</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-time-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>max-transfer-idle-out</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#boolean_options"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>Section 6.2.14.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 8, this option was intended for specifying
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea public zone key for verification of signatures in DNSSEC signed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezones when they are loaded from disk. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 does not verify signatures
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon loading and ignores the option.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>zone-statistics</B
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="userinput"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>, the server will keep statistical
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafssoninformation for this zone, which can be dumped to the
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>statistics-file</B
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson> defined in the server options.</P
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael SawyerCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sig-validity-interval</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>sig-validity-interval</B
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.14</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>See the description of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>transfer-source</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>transfer-source-v6</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>See the description of
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>transfer-source-v6</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>See the description of
78d65c654251b02c41628914986723cbec93a7a1Andreas GustafssonCLASS="command"
78d65c654251b02c41628914986723cbec93a7a1Andreas Gustafsson>notify-source</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>notify-source-v6</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>See the description of
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>notify-source-v6</B
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonHREF="Bv9ARM.ch06.html#zone_transfers"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Section 6.2.14.6</A
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>min-refresh-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>max-refresh-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>min-retry-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas GustafssonCLASS="command"
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson>max-retry-time</B
9090a36b61a90746738f66bce09ceaf8d8491d7eAndreas Gustafsson> See the description in <A
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.14</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="dynamic_update_policies"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>6.2.22.4. Dynamic Update Policies</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 supports two alternative methods of granting clients
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonthe right to perform dynamic updates to a zone,
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafssonconfigured by the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
86c1ac00da33c2ecc14f5ca69fba40186460ce57Andreas Gustafsson> option, respectively.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause works the same
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceway as in previous versions of <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>. It grants given clients the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepermission to update any record of any name in the zone.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> clause is new in <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce9 and allows more fine-grained control over what updates are allowed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceA set of rules is specified, where each rule either grants or denies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepermissions for one or more names to be updated by one or more identities.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce If the dynamic update request message is signed (that is, it includes
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeither a TSIG or SIG(0) record), the identity of the signer can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe determined.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Rules are specified in the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoption, and are only meaningful for master zones. When the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis present, it is a configuration error for the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>allow-update</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto be present. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>update-policy</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> statement only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexamines the signer of a message; the source address is not relevant.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This is how a rule definition looks:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Each rule grants or denies privileges. Once a message has
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesuccessfully matched a rule, the operation is immediately granted
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor denied and no further rules are examined. A rule is matched
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhen the signer matches the identity field, the name matches the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename field, and the type is specified in the type field.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The identity field specifies a name or a wildcard name. The
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenametype field has 4 values: <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>subdomain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>wildcard</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesame as the name in the name field.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>subdomain</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is a subdomain
3d9b2687475344a87c377a5158c41b43a03fc443Andreas Gustafssonof the name in the name field (which includes the name itself).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>wildcard</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is a valid
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceexpansion of the wildcard name in the name field.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Matches when the updated name is the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesame as the message signer. The name field is ignored.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>If no types are specified, the rule matches all types except
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSIG, NS, SOA, and NXT. Types may be specified by name, including
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce"ANY" (ANY matches all types except NXT, which can never be updated).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3. Zone File</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="types_of_resource_records_and_when_to_use_them"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.1. Types of Resource Records and When to Use Them</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This section, largely borrowed from RFC 1034, describes the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconcept of a Resource Record (RR) and explains when each is used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSince the publication of RFC 1034, several new RRs have been identified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand implemented in the DNS. These are also included.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.1.1. Resource Records</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A domain name identifies a node. Each node has a set of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce resource information, which may be empty. The set of resource
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce information associated with a particular name is composed of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce separate RRs. The order of RRs in a set is not significant and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce need not be preserved by nameservers, resolvers, or other
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce parts of the DNS. However, sorting of multiple RRs is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce permitted for optimization purposes, for example, to specify
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce that a particular nearby server be tried first. See <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#the_sortlist_statement"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.11</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#rrset_ordering"
989b28f988e35401f1a50ecbeed0b38b023604b4Andreas Gustafsson>Section 6.2.14.12</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The components of a Resource Record are:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>owner name</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the domain name where the RR is found.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an encoded 16 bit value that specifies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe type of the resource in this resource record. Types refer to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceabstract resources.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the time to live of the RR. This field
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis a 32 bit integer in units of seconds, and is primarily used by
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresolvers when they cache RRs. The TTL describes how long a RR can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe cached before it should be discarded.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an encoded 16 bit value that identifies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea protocol family or instance of a protocol.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the type and sometimes class-dependent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedata that describes the resource.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following are <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> of valid RRs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(some of these listed, although not obsolete, are experimental (x)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor historical (h) and no longer in general use):</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a host address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>an IPv6 address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Obsolete format of IPv6 address</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) location of AFS database servers.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceExperimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies the canonical name of an alias.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>for delegation of reverse addresses.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceReplaces the domain name specified with another name to be looked
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceup. Described in RFC 2672.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies the CPU and OS used by a host.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) representation of ISDN addresses.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceExperimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>stores a public key associated with a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) for storing GPS info. See RFC 1876.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceExperimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies a mail exchange for the domain.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce See RFC 974 for details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the authoritative nameserver for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>used in DNSSEC to securely indicate that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRRs with an owner name in a certain name interval do not exist in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea zone and indicate what RR types are present for an existing name.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSee RFC 2535 for details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a pointer to another part of the domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename space.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) information on persons responsible
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the domain. Experimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) route-through binding for hosts that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedo not have their own direct wide area network addresses. Experimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>("signature") contains data authenticated
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the secure DNS. See RFC 2535 for details.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>identifies the start of a zone of authority.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>information about well known network
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceservices (replaces WKS).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(h) information about which well known
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenetwork services, such as SMTP, that a domain supports. Historical,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereplaced by newer RR SRV.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>(x) representation of X.25 network addresses. Experimental.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> of resource records
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare currently valid in the DNS:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>the Internet system.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For information about other,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceolder classes of RRs, see <A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch09.html#classes_of_resource_records"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Section A.2.1</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is the type-dependent or class-dependent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedata that describes the resource:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>for the IN class, a 32 bit IP address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>maps a domain name to an IPv6 address,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith a provision for indirection for leading "prefix" bits.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a domain name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>provides alternate naming to an entire
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesubtree of the domain name space, rather than to a single node.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce It causes some suffix of a queried name to be substituted with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea name from the DNAME record's RDATA.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a 16 bit preference value (lower is better)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefollowed by a host name willing to act as a mail exchange for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceowner domain.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a fully qualified domain name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>a fully qualified domain name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>several fields.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The owner name is often implicit, rather than forming an integral
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepart of the RR. For example, many nameservers internally form tree
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor hash structures for the name space, and chain RRs off nodes.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce The remaining RR parts are the fixed header (type, class, TTL)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich is consistent for all RRs, and a variable part (RDATA) that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefits the needs of the resource being described.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The meaning of the TTL field is a time limit on how long an
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRR can be kept in a cache. This limit does not apply to authoritative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedata in zones; it is also timed out, but by the refreshing policies
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor the zone. The TTL is assigned by the administrator for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone where the data originates. While short TTLs can be used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceminimize caching, and a zero TTL prohibits caching, the realities
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof Internet performance suggest that these times should be on the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceorder of days for the typical host. If a change can be anticipated,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe TTL can be reduced prior to the change to minimize inconsistency
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceduring the change, and then increased back to its former value following
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe change.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The data in the RDATA section of RRs is carried as a combination
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof binary strings and domain names. The domain names are frequently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused as "pointers" to other data in the DNS.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.1.2. Textual expression of RRs</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>RRs are represented in binary form in the packets of the DNS
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprotocol, and are usually represented in highly encoded form when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucestored in a nameserver or resolver. In the examples provided in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRFC 1034, a style similar to that used in master files was employed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein order to show the contents of RRs. In this format, most RRs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare shown on a single line, although continuation lines are possible
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusing parentheses.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The start of the line gives the owner of the RR. If a line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebegins with a blank, then the owner is assumed to be the same as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat of the previous RR. Blank lines are often included for readability.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Following the owner, we list the TTL, type, and class of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRR. Class and type use the mnemonics defined above, and TTL is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean integer before the type field. In order to avoid ambiguity in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceparsing, type and class mnemonics are disjoint, TTLs are integers,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand the type mnemonic is always last. The IN class and TTL values
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare often omitted from examples in the interests of clarity.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The resource data or RDATA section of the RR are given using
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceknowledge of the typical representation for the data.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example, we might show the RRs carried in a message as:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>128.9.0.32</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.1.0.52</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.2.0.27</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>128.9.0.33</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The MX RRs have an RDATA section which consists of a 16 bit
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenumber followed by a domain name. The address RRs use a standard
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIP address format to contain a 32 bit internet address.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This example shows six RRs, with two RRs at each of three
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedomain names.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Similarly we might see:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.0.0.44</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson>This example shows two addresses for <TT
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeach of a different class.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.2. Discussion of MX Records</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>As described above, domain servers store information as a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceseries of resource records, each of which contains a particular
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepiece of information about a given domain name (which is usually,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebut not always, a host). The simplest way to think of a RR is as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea typed pair of datum, a domain name matched with relevant data,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand stored with some additional type information to help systems determine
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhen the RR is relevant.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>MX records are used to control delivery of email. The data
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified in the record is a priority and a domain name. The priority
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecontrols the order in which email delivery is attempted, with the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelowest number first. If two priorities are the same, a server is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucechosen randomly. If no servers at a given priority are responding,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe mail transport agent will fall back to the next largest priority.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePriority numbers do not have any absolute meaning — they are relevant
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceonly respective to other MX records for that domain name. The domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename given is the machine to which the mail will be delivered. It <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean associated A record — CNAME is not sufficient.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For a given domain, if there is both a CNAME record and an
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceMX record, the MX record is in error, and will be ignored. Instead,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe mail will be delivered to the server specified in the MX record
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucepointed to by the CNAME.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.0.0.1</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>10.0.0.2</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example:</P
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson>Mail delivery will be attempted to <TT
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="literal"
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="literal"
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafssonany order), and if neither of those succeed, delivery to <TT
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe attempted.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="Setting_TTLs"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.3. Setting TTLs</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The time to live of the RR field is a 32 bit integer represented
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein units of seconds, and is primarily used by resolvers when they
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecache RRs. The TTL describes how long a RR can be cached before it
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshould be discarded. The following three types of TTL are currently
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceused in a zone file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The last field in the SOA is the negative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecaching TTL. This controls how long other servers will cache no-such-domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(NXDOMAIN) responses from you.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The maximum time for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenegative caching is 3 hours (3h).</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The $TTL directive at the top of the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone file (before the SOA) gives a default TTL for every RR without
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea specific TTL set.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Each RR can have a TTL as the second
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefield in the RR, which will control how long other servers can cache
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>All of these TTLs default to units of seconds, though units
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan be explicitly specified, for example, <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.4. Inverse Mapping in IPv4</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Reverse name resolution (that is, translation from IP address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto name) is achieved by means of the <I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="emphasis"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand PTR records. Entries in the in-addr.arpa domain are made in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceleast-to-most significant order, read left to right. This is the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceopposite order to the way IP addresses are usually written. Thus,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucea machine with an IP address of 10.1.2.3 would have a corresponding
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce3.2.1.10.in-addr.arpa. This name should have a PTR resource record
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhose data field is the name of the machine or, optionally, multiple
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePTR records if the machine has more than one name. For example,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the [<SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>] domain:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> lines in the examples
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare for providing context to the examples only-they do not necessarily
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceappear in the actual usage. They are only used here to indicate
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat the example is relative to the listed origin.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5. Other Zone File Directives</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The Master File Format was initially defined in RFC 1035 and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehas subsequently been extended. While the Master File Format itself
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis class independent all records in a Master File must be of the same
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Master File Directives include <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5.1. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>domain-name</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> sets the domain name that will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe appended to any unqualified records. When a zone is first read
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein there is an implicit <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="varname"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>zone-name</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is appended to the domain specified
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> argument if it is not absolute.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWWW CNAME MAIN-SERVER</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>is equivalent to</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
035cd7b5bd983b3845da08680ac311c754809403Andreas Gustafsson>WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5.2. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Read and process the file <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>filename</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceif it were included into the file at this point. If <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecified the file is processed with <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto that value, otherwise the current <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
3287b57976fa270224c18aa21445d24bb7fa760fAndreas Gustafsson>The origin and the current domain name
3287b57976fa270224c18aa21445d24bb7fa760fAndreas Gustafssonrevert to the values they had prior to the <B
3287b57976fa270224c18aa21445d24bb7fa760fAndreas GustafssonCLASS="command"
3287b57976fa270224c18aa21445d24bb7fa760fAndreas Gustafssonthe file has been read.</P
3287b57976fa270224c18aa21445d24bb7fa760fAndreas GustafssonRFC 1035 specifies that the current origin should be restored after
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
3287b57976fa270224c18aa21445d24bb7fa760fAndreas Gustafsson>, but it is silent on whether the current
3287b57976fa270224c18aa21445d24bb7fa760fAndreas Gustafssondomain name should also be restored. BIND 9 restores both of them.
3287b57976fa270224c18aa21445d24bb7fa760fAndreas GustafssonThis could be construed as a deviation from RFC 1035, a feature, or both.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce></BLOCKQUOTE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.5.3. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default-ttl</I
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Set the default Time To Live (TTL) for subsequent records
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith undefined TTLs. Valid TTLs are of the range 0-2147483647 seconds.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is defined in RFC 2308.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>6.3.6. <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Master File Extension: the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Directive</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="optional"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> is used to create a series of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresource records that only differ from each other by an iterator. <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe used to easily generate the sets of records required to support
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesub /24 reverse delegations described in RFC 2317: Classless IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedelegation.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce$GENERATE 1-2 0 NS SERVER$.EXAMPLE.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce$GENERATE 1-127 $ CNAME $.0</TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>is equivalent to</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce1.0.0.192.IN-ADDR.ARPA CNAME 1.0.0.0.192.IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce2.0.0.192.IN-ADDR.ARPA CNAME 2.0.0.0.192.IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce127.0.0.192.IN-ADDR.ARPA CNAME 127.0.0.0.192.IN-ADDR.ARPA
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This can be one of two forms: start-stop
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceor start-stop/step. If the first form is used then step is set to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce 1. All of start, stop and step must be positive.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> describes the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceowner name of the resource records to be created. Any single <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewithin the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> side are replaced by the iterator
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonTo get a $ in the output you need to escape the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonusing a backslash <B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> may optionally be followed
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonby modifiers which change the offset from the interator, field width and base.
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonModifiers are introduced by a <B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> immediately following the
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>${offset[,width[,base]]}</B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> which subtracts 20 from the current value,
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonprints the result as a decimal in a zero padded field of with 3. Available
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonoutput forms are decimal (<B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonand hexadecimal (<B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson> for uppercase).
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonThe default modifier is <B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceabsolute, the current <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson> is appended to
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafsson>For compatability with earlier versions <B
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas GustafssonCLASS="command"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonrecognised a indicating a literal $ in the output.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>At present the only supported types are
da4cfd494c1f8d612c7e1d5407567686b326e511Andreas GustafssonPTR, CNAME, DNAME, A, AAAA and NS.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="MIDDLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rhs is a domain name. It is processed
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesimilarly to lhs.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>$GENERATE</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> directive is a <SPAN
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
dcebbac4f62ffa1a8c907095c85c4bea110216ffAndreas Gustafssonand not part of the standard zone file format.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="NAVFOOTER"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLSPACING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 Lightweight Resolver</TD
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9 Security Considerations</TD