Bv9ARM.ch06.html revision 5a4557e8de2951a2796676b5ec4b6a90caa5be14
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
04428429c4e689333e3ef8d19a2debeb20d4d15dMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
e999539fb3e45b2617571e0e3ecd651992291701Mark Andrews - Permission to use, copy, modify, and distribute this software for any
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - purpose with or without fee is hereby granted, provided that the above
555d01f4c02295e896a26c649d0ffc8808a0bbdcAutomatic Updater - copyright notice and this permission notice appear in all copies.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater - PERFORMANCE OF THIS SOFTWARE.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<!-- $Id: Bv9ARM.ch06.html,v 1.114 2005/07/19 06:12:18 marka Exp $ -->
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<title>Chapter&nbsp;6.&nbsp;BIND 9 Configuration Reference</title>
04eba969cb9a54bbda2896db2067c07b2ac5ba16Automatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter&nbsp;5.&nbsp;The BIND 9 Lightweight Resolver">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<link rel="next" href="Bv9ARM.ch07.html" title="Chapter&nbsp;7.&nbsp;BIND 9 Security Considerations">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<table width="100%" summary="Navigation header">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<tr><th colspan="3" align="center">Chapter&nbsp;6.&nbsp;<span class="acronym">BIND</span> 9 Configuration Reference</th></tr>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a accesskey="p" href="Bv9ARM.ch05.html">Prev</a>&nbsp;</td>
bac1bc98410bd876b8d38a6de6126709a7f8cc5aAutomatic Updater<td width="20%" align="right">&nbsp;<a accesskey="n" href="Bv9ARM.ch07.html">Next</a>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="titlepage"><div><div><h2 class="title">
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater<a name="Bv9ARM.ch06"></a>Chapter&nbsp;6.&nbsp;<span class="acronym">BIND</span> 9 Configuration Reference</h2></div></div></div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2543382">Comment Syntax</a></span></dt>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544062"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544321"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544613"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544628"><span><strong class="command">include</strong></span> Statement Definition and
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544651"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544673"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544744"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
a8644ebab678a1de66cbfaabb513651a739958afAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544870"><span><strong class="command">logging</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546289"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546362"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546426"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546470"><span><strong class="command">masters</strong></span> Statement Definition and
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546485"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554265"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554314"><span><strong class="command">trusted-keys</strong></span> Statement Definition
dde4bc92964ec60a35212dfed59562580e3265e3Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
80f9a970ae6681c08529ef209eaabbe078c27ca3Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554453"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
2831d2c54acc60414e9ffaf5c702ba475f06754bMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
dde4bc92964ec60a35212dfed59562580e3265e3Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2555184"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2557100">Zone File</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2559258">Discussion of MX Records</a></span></dt>
04eba969cb9a54bbda2896db2067c07b2ac5ba16Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2559810">Inverse Mapping in IPv4</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2559937">Other Zone File Directives</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2560125"><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="acronym">BIND</span> 9 configuration is broadly similar
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to <span class="acronym">BIND</span> 8; however, there are a few new areas
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of configuration, such as views. <span class="acronym">BIND</span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 8 configuration files should work with few alterations in <span class="acronym">BIND</span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 9, although more complex configurations should be reviewed to check
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater if they can be more efficiently implemented using the new features
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater found in <span class="acronym">BIND</span> 9.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="acronym">BIND</span> 4 configuration files can be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater converted to the new format
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using the shell script
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">contrib/named-bootconf/named-bootconf.sh</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="configuration_file_elements"></a>Configuration File Elements</h2></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Following is a list of elements used throughout the <span class="acronym">BIND</span> configuration
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews file documentation:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews The name of an <code class="varname">address_match_list</code> as
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews defined by the <span><strong class="command">acl</strong></span> statement.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="varname">address_match_list</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A list of one or more
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="varname">ip_prefix</code>, <code class="varname">key_id</code>,
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson or <code class="varname">acl_name</code> elements, see
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a>.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson A named list of one or more <code class="varname">ip_addr</code>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews with optional <code class="varname">key_id</code> and / or
8ae412a86ed138263796195eed82a4716e7effcbMark Andrews A <code class="varname">masters_list</code> may include other
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="varname">masters_lists</code>.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews A quoted string which will be used as
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson a DNS name, for example "<code class="literal">my.test.domain</code>".
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews One to four integers valued 0 through
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews 255 separated by dots (`.'), such as <span><strong class="command">123</strong></span>,
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews <span><strong class="command">45.67</strong></span> or <span><strong class="command">89.123.45.67</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater An IPv4 address with exactly four elements
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in <code class="varname">dotted_decimal</code> notation.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington An IPv6 address, such as <span><strong class="command">2001:db8::1234</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington IPv6 scoped addresses that have ambiguity on their scope
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington zones must be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington disambiguated by an appropriate zone ID with the percent
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (`%') as delimiter.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington It is strongly recommended to use string zone names rather
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington than numeric identifiers, in order to be robust against system
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington configuration changes.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington However, since there is no standard mapping for such names
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and identifier values, currently only interface names as link
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington identifiers are supported, assuming one-to-one mapping between
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington interfaces and links.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington For example, a link-local address <span><strong class="command">fe80::1</strong></span> on the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington link attached to the interface <span><strong class="command">ne0</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington can be specified as <span><strong class="command">fe80::1%ne0</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Note that on most systems link-local addresses always have
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ambiguity, and need to be disambiguated.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington An <code class="varname">ip4_addr</code> or <code class="varname">ip6_addr</code>.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews An IP port <code class="varname">number</code>.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="varname">number</code> is limited to 0
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington through 65535, with values
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews below 1024 typically restricted to use by processes running as root.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews In some cases an asterisk (`*') character can be used as a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater placeholder to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington select a random high-numbered port.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater An IP network specified as an <code class="varname">ip_addr</code>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater followed by a slash (`/') and then the number of bits in the netmask.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Trailing zeros in an <code class="varname">ip_addr</code> may be omitted.
2d4f33db52cdd5c8bb7cd86b4c5f74205d686646Automatic Updater For example, <span><strong class="command">127/8</strong></span> is the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater network <span><strong class="command">127.0.0.0</strong></span> with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater netmask <span><strong class="command">255.0.0.0</strong></span> and <span><strong class="command">1.2.3.0/28</strong></span> is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater network <span><strong class="command">1.2.3.0</strong></span> with netmask <span><strong class="command">255.255.255.240</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A <code class="varname">domain_name</code> representing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the name of a shared key, to be used for transaction security.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A list of one or more
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater separated by semicolons and ending with a semicolon.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews A non-negative 32 bit integer
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (i.e., a number between 0 and 4294967295, inclusive).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Its acceptable value might further
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be limited by the context in which it is used.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A quoted string which will be used as
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a pathname, such as <code class="filename">zones/master/my.test.domain</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A number, the word <strong class="userinput"><code>unlimited</code></strong>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington or the word <strong class="userinput"><code>default</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater An <code class="varname">unlimited</code> <code class="varname">size_spec</code> requests unlimited
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington use, or the maximum available amount. A <code class="varname">default size_spec</code> uses
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the limit that was in force when the server was started.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A <code class="varname">number</code> can optionally be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater followed by a scaling factor:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for kilobytes,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for megabytes, and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong> for gigabytes,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington which scale by 1024, 1024*1024, and 1024*1024*1024 respectively.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The value must be representable as a 64-bit unsigned integer
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews (0 to 18446744073709551615, inclusive).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Using <code class="varname">unlimited</code> is the best way
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews to safely set a really large number.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Either <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>no</code></strong>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The words <strong class="userinput"><code>true</code></strong> and <strong class="userinput"><code>false</code></strong> are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington also accepted, as are the numbers <strong class="userinput"><code>1</code></strong>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and <strong class="userinput"><code>0</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="varname">dialup_option</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington One of <strong class="userinput"><code>yes</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>no</code></strong>, <strong class="userinput"><code>notify</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>notify-passive</code></strong>, <strong class="userinput"><code>refresh</code></strong> or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>passive</code></strong>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When used in a zone, <strong class="userinput"><code>notify-passive</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>refresh</code></strong>, and <strong class="userinput"><code>passive</code></strong>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews are restricted to slave and stub zones.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2543248"></a>Syntax</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address_match_list_element; ... </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key key_id | acl_name | { address_match_list } )</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2543275"></a>Definition and Usage</h4></div></div></div>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater Address match lists are primarily used to determine access
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater control for various server operations. They are also used in
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements. The elements
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which constitute an address match list can be any of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a key ID, as defined by the <span><strong class="command">key</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<li>the name of an address match list defined with
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the <span><strong class="command">acl</strong></span> statement
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<li>a nested address match list enclosed in braces</li>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Elements can be negated with a leading exclamation mark (`!'),
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and the match list names "any", "none", "localhost", and "localnets"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater are predefined. More information on those names can be found in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the description of the acl statement.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The addition of the key clause made the name of this syntactic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater element something of a misnomer, since security keys can be used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to validate access without regard to a host or network address.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Nonetheless, the term "address match list" is still used throughout the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater documentation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When a given IP address or prefix is compared to an address
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater match list, the list is traversed in order until an element matches.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The interpretation of a match depends on whether the list is being used
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater for access control, defining listen-on ports, or in a sortlist,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and whether the element was negated.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews When used as an access control list, a non-negated match allows
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater access and a negated match denies access. If there is no match,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater access is denied. The clauses <span><strong class="command">allow-notify</strong></span>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">allow-query</strong></span>, <span><strong class="command">allow-query-cache</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-transfer</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-update</strong></span>, <span><strong class="command">allow-update-forwarding</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and <span><strong class="command">blackhole</strong></span> all use address match lists.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Similarly, the listen-on option will cause the server to not accept
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater queries on any of the machine's addresses which do not match the list.
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein Because of the first-match aspect of the algorithm, an element
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that defines a subset of another element in the list should come
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington before the broader element, regardless of whether either is negated. For example, in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">1.2.3/24; ! 1.2.3.13;</strong></span> the 1.2.3.13 element is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater completely useless because the algorithm will match any lookup for 1.2.3.13 to the 1.2.3/24 element.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Using <span><strong class="command">! 1.2.3.13; 1.2.3/24</strong></span> fixes
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington that problem by having 1.2.3.13 blocked by the negation but all
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater other 1.2.3.* hosts fall through.
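 The first-match rule described above, as an added example (not code from BIND or from this manual): a small evaluator for address match lists plus a check that flags elements which can never be the first match. It handles only <code class="varname">ip_address</code>[/length] elements and the predefined names "any" and "none"; key elements, other ACL names and nested lists are rejected, and the function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

# One parsed address_match_list_element: original text, negation flag, networks covered.
Element = namedtuple("Element", "text negated nets")

# Only the predefined names that do not depend on the host are resolved here.
PREDEFINED = {
    "any": [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")],
    "none": [],
}


def parse_prefix(text):
    """Parse ip_address[/length]; with a length, IPv4 trailing zeros may be
    omitted (127/8 means 127.0.0.0/8)."""
    addr, slash, length = text.partition("/")
    if ":" not in addr:
        parts = addr.split(".")
        if slash and 1 <= len(parts) < 4:
            parts += ["0"] * (4 - len(parts))
        addr = ".".join(parts)
    # Raises ValueError for anything that is not an address or prefix.
    return ipaddress.ip_network(addr + slash + length, strict=False)


def parse_list(text):
    """Split a flat address match list into Elements, keeping list order."""
    if "{" in text or "}" in text:
        raise ValueError("nested lists are not handled in this example")
    elements = []
    for raw in text.split(";"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        body = item[1:].strip() if negated else item
        if not body or body.startswith("key "):
            raise ValueError("unsupported element: %r" % item)
        nets = PREDEFINED[body] if body in PREDEFINED else [parse_prefix(body)]
        elements.append(Element(item, negated, nets))
    return elements


def evaluate_acl(elements, client):
    """Access-control reading of a list: the first matching element decides.
    Returns (allowed, text_of_matching_element_or_None)."""
    addr = ipaddress.ip_address(client)
    for el in elements:
        if any(addr in net for net in el.nets):
            return (not el.negated, el.text)
    return (False, None)  # no match: access is denied


def _covered(inner, outer_nets):
    return any(inner.version == o.version and inner.subnet_of(o)
               for o in outer_nets)


def find_shadowed(elements):
    """Report (later, earlier) pairs where 'later' lies entirely inside an
    earlier element and so can never be the first match."""
    findings = []
    for j, later in enumerate(elements):
        if not later.nets:
            continue
        for earlier in elements[:j]:
            if all(_covered(n, earlier.nets) for n in later.nets):
                findings.append((later.text, earlier.text))
                break
    return findings


if __name__ == "__main__":
    # The two orderings discussed in the text.
    for acl in ("1.2.3/24; ! 1.2.3.13;", "! 1.2.3.13; 1.2.3/24;"):
        parsed = parse_list(acl)
        print(acl, evaluate_acl(parsed, "1.2.3.13"), find_shadowed(parsed))
```

 Running <code class="literal">find_shadowed</code> over each ACL in a configuration before deployment catches a negation that was placed after the broader prefix it was meant to carve out.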
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2543382"></a>Comment Syntax</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span class="acronym">BIND</span> 9 comment syntax allows for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington comments to appear
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington anywhere that white space may appear in a <span class="acronym">BIND</span> configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file. To appeal to programmers of all kinds, they can be written in the C, C++, or shell/perl style.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2543397"></a>Syntax</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">/* This is a <span class="acronym">BIND</span> comment as in C */</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">// This is a <span class="acronym">BIND</span> comment as in C++</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"># This is a <span class="acronym">BIND</span> comment as in common UNIX shells and perl</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2543427"></a>Definition and Usage</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Comments may appear anywhere that whitespace may appear in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a <span class="acronym">BIND</span> configuration file.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington C-style comments start with the two characters /* (slash,
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews star) and end with */ (star, slash). Because they are completely
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delimited with these characters, they can be used to comment only
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington a portion of a line or to span multiple lines.
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington C-style comments cannot be nested. For example, the following
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is not valid because the entire comment ends with the first */:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting">/* This is the start of a comment.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington This is still part of the comment.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington/* This is an incorrect attempt at nesting a comment. */
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington This is no longer in any comment. */</pre>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington C++-style comments start with the two characters // (slash,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater slash) and continue to the end of the physical line. They cannot
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be continued across multiple physical lines; to have one logical
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comment span multiple lines, each line must use the // pair.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">// This is the start of a comment. The next line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater// is a new comment, even though it is logically
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater// part of the previous comment.
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson Shell-style (or perl-style, if you prefer) comments start
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with the character <code class="literal">#</code> (number sign)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and continue to the end of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater physical line, as in C++ comments.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"># This is the start of a comment. The next line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# is a new comment, even though it is logically
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# part of the previous comment.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater You cannot use the semicolon (`;') character
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to start a comment such as you would in a zone file. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater semicolon indicates the end of a configuration
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<a name="Configuration_File_Grammar"></a>Configuration File Grammar</h2></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A <span class="acronym">BIND</span> 9 configuration consists of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements and comments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Statements end with a semicolon. Statements and comments are the
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater only elements that can appear without enclosing braces. Many
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements contain a block of sub-statements, which are also
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater terminated with a semicolon.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following statements are supported:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">acl</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a named IP address
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater matching list, for access control and other uses.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater <p><span><strong class="command">controls</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater declares control channels to be used
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews by the <span><strong class="command">rndc</strong></span> utility.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">include</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews includes a file.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">key</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews specifies key information for use in
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews authentication and authorization using TSIG.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">logging</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specifies what the server logs, and where
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater the log messages are sent.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">lwres</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configures <span><strong class="command">named</strong></span> to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater also act as a light weight resolver daemon (<span><strong class="command">lwresd</strong></span>).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">masters</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington defines a named masters list for
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater inclusion in stub and slave zone masters clauses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">options</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington controls global server configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater options and sets defaults for other statements.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">server</strong></span></p>
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington sets certain configuration options on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a per-server basis.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">trusted-keys</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines trusted DNSSEC keys.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">view</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a view.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">zone</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington defines a zone.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater The <span><strong class="command">logging</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">options</strong></span> statements may only occur once per
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson<a name="id2544062"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address_match_list
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="acl"></a><span><strong class="command">acl</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">acl</strong></span> statement assigns a symbolic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name to an address match list. It gets its name from a primary
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington use of address match lists: Access Control Lists (ACLs).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that an address match list's name must be defined
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with <span><strong class="command">acl</strong></span> before it can be used
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington elsewhere; no forward references are allowed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following ACLs are built-in:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">any</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches all hosts.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">none</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches no hosts.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">localhost</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches the IPv4 and IPv6 addresses of all network
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater interfaces on the system.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">localnets</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Matches any host on an IPv4 or IPv6 network
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for which the system has an interface.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Some systems do not provide a way to determine the prefix lengths of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater local IPv6 addresses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In such a case, <span><strong class="command">localnets</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only matches the local
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IPv6 addresses, just like <span><strong class="command">localhost</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2544321"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<pre class="programlisting"><span><strong class="command">controls</strong></span> {
3341c8b653577f2f0cb8b72702ea6197035334ffMark Andrews [ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson keys { <em class="replaceable"><code>key_list</code></em> }; ]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson [ unix <em class="replaceable"><code>path</code></em> perm <em class="replaceable"><code>number</code></em> owner <em class="replaceable"><code>number</code></em> group <em class="replaceable"><code>number</code></em> keys { <em class="replaceable"><code>key_list</code></em> }; ]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews<div class="titlepage"><div><div><h3 class="title">
282e38d96feb488fddbbc0b0409491094786977fMark Andrews<a name="controls_statement_definition_and_usage"></a><span><strong class="command">controls</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">controls</strong></span> statement declares control
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater channels to be used by system administrators to control the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater operation of the name server. These control channels are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater used by the <span><strong class="command">rndc</strong></span> utility to send
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater commands to and retrieve non-DNS results from a name server.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews An <span><strong class="command">inet</strong></span> control channel is a TCP socket
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews listening at the specified <span><strong class="command">ip_port</strong></span> on the
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews specified <span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> is
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews interpreted as the IPv4 wildcard address; connections will be
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews accepted on any of the system's IPv4 addresses.
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews To listen on the IPv6 wildcard address,
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews If you will only use <span><strong class="command">rndc</strong></span> on the local host,
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater using the loopback address (<code class="literal">127.0.0.1</code>
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater or <code class="literal">::1</code>) is recommended for maximum security.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews If no port is specified, port 953 is used.
10b4a0c3a4eec1b22b990c0a0595fbda51f54e94Automatic Updater "<code class="literal">*</code>" cannot be used for <span><strong class="command">ip_port</strong></span>.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews The ability to issue commands over the control channel is
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews restricted by the <span><strong class="command">allow</strong></span> and
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">keys</strong></span> clauses.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Connections to the control channel are permitted based on the
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">address_match_list</strong></span>. This is for simple
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews IP address based filtering only; any <span><strong class="command">key_id</strong></span>
bf1263835e8e35421960f65088c043f42aacef13Mark Andrews elements of the <span><strong class="command">address_match_list</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews are ignored.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews A <span><strong class="command">unix</strong></span> control channel is a UNIX domain
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews socket listening at the specified path in the file system.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Access to the socket is specified by the <span><strong class="command">perm</strong></span>,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">owner</strong></span> and <span><strong class="command">group</strong></span> clauses.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Note that on some platforms (SunOS and Solaris) the permissions
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews (<span><strong class="command">perm</strong></span>) are applied to the parent directory
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews as the permissions on the socket itself are ignored.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews The primary authorization mechanism of the command
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews channel is the <span><strong class="command">key_list</strong></span>, which
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews contains a list of <span><strong class="command">key_id</strong></span>s.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Each <span><strong class="command">key_id</strong></span> in the <span><strong class="command">key_list</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is authorized to execute commands over the control channel.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews See <a href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called “Administrative Tools”</a>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews for information about configuring keys in <span><strong class="command">rndc</strong></span>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If no <span><strong class="command">controls</strong></span> statement is present,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> will set up a default
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews control channel listening on the loopback address 127.0.0.1
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and its IPv6 counterpart ::1.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews In this case, and also when the <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is present but does not have a <span><strong class="command">keys</strong></span> clause,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> will attempt to load the command channel key
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews from the file <code class="filename">rndc.key</code> in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">/etc</code> (or whatever <code class="varname">sysconfdir</code>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews was specified as when <span class="acronym">BIND</span> was built).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To create a <code class="filename">rndc.key</code> file, run
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <strong class="userinput"><code>rndc-confgen -a</code></strong>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <code class="filename">rndc.key</code> feature was created to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ease the transition of systems from <span class="acronym">BIND</span> 8,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews which did not have digital signatures on its command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews messages and thus did not have a <span><strong class="command">keys</strong></span> clause.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews It makes it possible to use an existing <span class="acronym">BIND</span> 8
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configuration file in <span class="acronym">BIND</span> 9 unchanged,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and still have <span><strong class="command">rndc</strong></span> work the same way
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">ndc</strong></span> worked in BIND 8, simply by executing the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews command <strong class="userinput"><code>rndc-confgen -a</code></strong> after BIND 9 is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Since the <code class="filename">rndc.key</code> feature
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is only intended to allow the backward-compatible usage of
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span class="acronym">BIND</span> 8 configuration files, this
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews feature does not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews have a high degree of configurability. You cannot easily change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the key name or the size of the secret, so you should make a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> with your own key if you
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews wish to change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews those things. The <code class="filename">rndc.key</code> file
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews also has its
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews permissions set such that only the owner of the file (the user that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> is running as) can access it.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If you desire greater flexibility in allowing other users to access
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">rndc</strong></span> commands then you need to create
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> and make it group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews readable by a group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that contains the users who should have access.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To disable the command channel, use an empty
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls</strong></span> statement:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls { };</strong></span>.
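The comment rules and the <span><strong class="command">controls</strong></span> restrictions described above, combined into a small audit script. This is an added example, not part of the BIND documentation or ISC's code; the function names, finding codes and both sample configurations are constructed for illustration, and the check for <code class="literal">key</code> elements assumes they are written as <code class="literal">key key_id</code> in an address match list.

```python
import re

LOOPBACK = {"127.0.0.1", "::1"}

def strip_comments(text):
    """Drop /* */, // and # comments; quoted strings are copied through.
    C-style comments do not nest, so the first */ ends the comment."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text[i] == '"':
            j = text.find('"', i + 1)
            j = n if j == -1 else j + 1
            out.append(text[i:j])
            i = j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
            out.append(" ")          # a comment counts as whitespace
        elif text.startswith("//", i) or text[i] == "#":
            j = text.find("\n", i)   # runs to the end of the physical line
            i = n if j == -1 else j
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def _block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for k in range(open_idx, len(text)):
        if text[k] == "{":
            depth += 1
        elif text[k] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:k]
    raise ValueError("unbalanced braces in controls statement")

def _split_top(body):
    """Split a block body into sub-statements on ';' at brace depth 0."""
    parts, depth, cur = [], 0, []
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == ";" and depth == 0:
            stmt = "".join(cur).strip()
            if stmt:
                parts.append(stmt)
            cur = []
        else:
            cur.append(ch)
    return parts

def _clause(tokens, name):
    """Elements inside the braces after `name`, or None if the clause is absent."""
    if name not in tokens:
        return None
    start = tokens.index(name) + 1
    if start >= len(tokens) or tokens[start] != "{":
        return None
    depth, items = 0, []
    for t in tokens[start:]:
        if t == "{":
            depth += 1
        elif t == "}":
            depth -= 1
            if depth == 0:
                break
        elif t != ";":
            items.append(t)
    return items

def audit_controls(conf):
    """Return (code, message) findings for the controls statement in conf."""
    text = strip_comments(conf)
    m = re.search(r"\bcontrols\s*\{", text)
    if not m:
        return [("default-channel", "no controls statement: default channel on "
                 "127.0.0.1 and ::1, key loaded from rndc.key")]
    channels = _split_top(_block_body(text, m.end() - 1))
    if not channels:
        return [("disabled", "empty controls statement: command channel disabled")]
    findings = []
    for chan in channels:
        tok = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', chan)
        if tok[0] == "inet" and len(tok) > 1:
            addr = tok[1]
            if addr in ("*", "::"):
                findings.append(("wildcard-listen", f"inet {addr} accepts connections on every address"))
            elif addr not in LOOPBACK:
                findings.append(("non-loopback", f"inet {addr} is reachable from other hosts"))
            allow = _clause(tok, "allow") or []
            if "any" in allow:
                findings.append(("allow-any", "allow list matches all hosts"))
            if "key" in allow:
                findings.append(("key-in-allow-ignored", "key elements in allow are ignored; use the keys clause"))
        if _clause(tok, "keys") is None:
            findings.append(("no-keys-clause", "no keys clause: named will try to load rndc.key"))
    return findings

# Constructed sample configurations (not taken from a real server).
WEAK = '''/* Constructed sample: control channel open to the network. */
// controls { };   (commented out, so it must not count)
controls {
    inet * port 953 allow { any; key "rndc-key"; };  # no keys clause
};
'''
HARDENED = '''controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    inet ::1 allow { localhost; } keys { "rndc-key"; };
};
'''

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_controls(conf) or "no findings")
```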
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544613"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting">include <em class="replaceable"><code>filename</code></em>;</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544628"></a><span><strong class="command">include</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">include</strong></span> statement inserts the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews specified file at the point where the <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement is encountered. The <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement facilitates the administration of configuration
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews by permitting the reading or writing of some things but not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews others. For example, the statement could include private keys
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that are readable only by the name server.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544651"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting">key <em class="replaceable"><code>key_id</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews algorithm <em class="replaceable"><code>string</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret <em class="replaceable"><code>string</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544673"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement defines a shared
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews or the command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement can occur at the top level
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews of the configuration file or inside a <span><strong class="command">view</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement. Keys defined in top-level <span><strong class="command">key</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statements can be used in all views. Keys intended for use in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews must be defined at the top level.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>key_id</code></em>, also known as the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews key name, is a domain name uniquely identifying the key. It can
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews be used in a <span><strong class="command">server</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement to cause requests sent to that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews server to be signed with this key, or in address match lists to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews verify that incoming requests have been signed with a key
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews matching this name, algorithm, and secret.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>algorithm_id</code></em> is a string
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that specifies a security/authentication algorithm. The only
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews algorithm currently supported with TSIG authentication is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <em class="replaceable"><code>secret_string</code></em> is the secret
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews used by the algorithm, and is treated as a base-64 encoded
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544744"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">logging</strong></span> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size spec</code></em> ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">stderr</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">null</strong></span> );
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="option">info</code> | <code class="option">debug</code> [ <em class="replaceable"><code>level</code></em> ] | <code class="option">dynamic</code> ); ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">category</strong></span> <em class="replaceable"><code>category_name</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <em class="replaceable"><code>channel_name</code></em> ; [ <em class="replaceable"><code>channel_name</code></em> ; ... ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544870"></a><span><strong class="command">logging</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">logging</strong></span> statement configures a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews associates output methods, format options and severity levels with
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a name that can then be used with the <span><strong class="command">category</strong></span> phrase
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to select how various classes of messages are logged.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Only one <span><strong class="command">logging</strong></span> statement is used to define
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews as many channels and categories as are wanted. If there is no <span><strong class="command">logging</strong></span> statement,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the logging configuration will be:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews category default { default_syslog; default_debug; };
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews category unmatched { null; };
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews In <span class="acronym">BIND</span> 9, the logging configuration
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is only established when
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the entire configuration file has been parsed. In <span class="acronym">BIND</span> 8, it was
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews established as soon as the <span><strong class="command">logging</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews was parsed. When the server is starting up, all logging messages
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews regarding syntax errors in the configuration file go to the default
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews channels, or to standard error if the "<code class="option">-g</code>" option
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews was specified.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2544990"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews you can make as many of them as you want.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Every channel definition must include a destination clause that
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews says whether messages selected for the channel go to a file, to a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews particular syslog facility, to the standard error stream, or are
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews discarded. It can optionally also limit the message severity level
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews that will be accepted by the channel (the default is
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <span><strong class="command">info</strong></span>), and whether to include a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <span><strong class="command">named</strong></span>-generated time stamp, the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews category name
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews and/or severity level (the default is not to include any).
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews The <span><strong class="command">null</strong></span> destination clause
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews causes all messages sent to the channel to be discarded;
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews in that case, other options for the channel are meaningless.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews The <span><strong class="command">file</strong></span> destination clause directs
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews to a disk file. It can include limitations
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews both on how large the file is allowed to become, and how many
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews of the file will be saved each time the file is opened.
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews If you use the <span><strong class="command">versions</strong></span> log file
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews option, then
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews <span><strong class="command">named</strong></span> will retain that many backup
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews versions of the file by
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews renaming them when opening. For example, if you choose to keep 3
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews old versions
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews of the file <code class="filename">lamers.log</code> then just
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews before it is opened
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews <code class="filename">lamers.log.1</code> is renamed to
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews <code class="filename">lamers.log.2</code>, <code class="filename">lamers.log.0</code> is renamed
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews to <code class="filename">lamers.log.1</code>, and <code class="filename">lamers.log</code> is
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson renamed to <code class="filename">lamers.log.0</code>.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews You can say <span><strong class="command">versions unlimited</strong></span> to
309b912841e8b97bf0b0df0d96c3eaf16990c080Automatic Updater the number of versions.
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater If a <span><strong class="command">size</strong></span> option is associated with
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson then renaming is only done when the file being opened exceeds the
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson indicated size. No backup versions are kept by default; any
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews log file is simply appended.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews The <span><strong class="command">size</strong></span> option for files is used
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews to limit log
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews growth. If the file ever exceeds the size, then <span><strong class="command">named</strong></span> will
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews stop writing to the file unless it has a <span><strong class="command">versions</strong></span> option
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews associated with it. If backup versions are kept, the files are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater described above and a new one begun. If there is no
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <span><strong class="command">versions</strong></span> option, no more data will
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews be written to the log
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews until some out-of-band mechanism removes or truncates the log to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews less than the
da93950363b307b718d156514b95b9df93a63776Mark Andrews maximum size. The default behavior is not to limit the size of
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews Example usage of the <span><strong class="command">size</strong></span> and
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater <span><strong class="command">versions</strong></span> options:
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater<pre class="programlisting">channel an_example_channel {
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater file "example.log" versions 3 size 20m;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater print-time yes;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater print-category yes;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The <span><strong class="command">syslog</strong></span> destination clause
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews channel to the system log. Its argument is a
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews syslog facility as described in the <span><strong class="command">syslog</strong></span> man
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews page. Known facilities are <span><strong class="command">kern</strong></span>, <span><strong class="command">user</strong></span>,
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews <span><strong class="command">mail</strong></span>, <span><strong class="command">daemon</strong></span>, <span><strong class="command">auth</strong></span>,
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews <span><strong class="command">syslog</strong></span>, <span><strong class="command">lpr</strong></span>, <span><strong class="command">news</strong></span>,
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews <span><strong class="command">uucp</strong></span>, <span><strong class="command">cron</strong></span>, <span><strong class="command">authpriv</strong></span>,
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews <span><strong class="command">ftp</strong></span>, <span><strong class="command">local0</strong></span>, <span><strong class="command">local1</strong></span>,
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews <span><strong class="command">local2</strong></span>, <span><strong class="command">local3</strong></span>, <span><strong class="command">local4</strong></span>,
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews <span><strong class="command">local5</strong></span>, <span><strong class="command">local6</strong></span> and
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews <span><strong class="command">local7</strong></span>, however not all facilities
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews are supported on
195e7b7a6e0bdc80373d65085e12a2950e9a1226Mark Andrews all operating systems.
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews How <span><strong class="command">syslog</strong></span> will handle messages
8af4db0817e439e428880b71ec188a75f9adbe98Mark Andrews this facility is described in the <span><strong class="command">syslog.conf</strong></span> man
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews page. If you have a system which uses a very old version of <span><strong class="command">syslog</strong></span> that
251227789bd26421471076f04f4e9eb7f0efb2f1Mark Andrews only uses two arguments to the <span><strong class="command">openlog()</strong></span> function,
251227789bd26421471076f04f4e9eb7f0efb2f1Mark Andrews then this clause is silently ignored.
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews "priorities", except that they can also be used if you are writing
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews straight to a file rather than using <span><strong class="command">syslog</strong></span>.
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews Messages which are not at least of the severity level given will
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews not be selected for the channel; messages of higher severity
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews will be accepted.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews If you are using <span><strong class="command">syslog</strong></span>, then the <span><strong class="command">syslog.conf</strong></span> priorities
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews will also determine what eventually passes through. For example,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews defining a channel facility and severity as <span><strong class="command">daemon</strong></span> and <span><strong class="command">debug</strong></span> but
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews only logging <span><strong class="command">daemon.warning</strong></span> via <span><strong class="command">syslog.conf</strong></span> will
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews cause messages of severity <span><strong class="command">info</strong></span> and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <span><strong class="command">notice</strong></span> to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews be dropped. If the situation were reversed, with <span><strong class="command">named</strong></span> writing
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews messages of only <span><strong class="command">warning</strong></span> or higher,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews then <span><strong class="command">syslogd</strong></span> would
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews print all messages it received from the channel.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews The <span><strong class="command">stderr</strong></span> destination clause
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews channel to the server's standard error stream. This is intended
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews use when the server is running as a foreground process, for
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews when debugging a configuration.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews The server can supply extensive debugging information when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater it is in debugging mode. If the server's global debug level is
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews than zero, then debugging mode will be active. The global debug
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews level is set either by starting the <span><strong class="command">named</strong></span> server
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews with the <code class="option">-d</code> flag followed by a positive integer,
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews or by running <span><strong class="command">rndc trace</strong></span>.
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews The global debug level
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater can be set to zero, and debugging mode turned off, by running <span><strong class="command">ndc
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaternotrace</strong></span>. All debugging messages in the server have a debug
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater level, and higher debug levels give more detailed output. Channels
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that specify a specific debug severity, for example:
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<pre class="programlisting">channel specific_debug_level {
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews severity debug 3;
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews will get debugging output of level 3 or less any time the
ea935c46e8261ea10621e5b038426539fe8a7cc5Mark Andrews server is in debugging mode, regardless of the global debugging
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews level. Channels with <span><strong class="command">dynamic</strong></span>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews severity use the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews server's global debug level to determine what messages to print.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews If <span><strong class="command">print-time</strong></span> has been turned on,
e2a5e7f282f68046d02581b9b00be6e42d07c336Automatic Updater the date and time will be logged. <span><strong class="command">print-time</strong></span> may
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews be specified for a <span><strong class="command">syslog</strong></span> channel,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington but is usually
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington pointless since <span><strong class="command">syslog</strong></span> also prints
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington time. If <span><strong class="command">print-category</strong></span> is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington requested, then the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington category of the message will be logged as well. Finally, if <span><strong class="command">print-severity</strong></span> is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington on, then the severity level of the message will be logged. The <span><strong class="command">print-</strong></span> options may
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be used in any combination, and will always be printed in the
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews order: time, category, severity. Here is an example where all
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater three <span><strong class="command">print-</strong></span> options
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="computeroutput">28-Feb-2000 15:05:32.863 general: notice: running</code>
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews There are four predefined channels that are used for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">named</strong></span>'s default logging as follows.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews used is described in <a href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called “The <span><strong class="command">category</strong></span> Phrase”</a>.
5f7e0eb1cb917b788906d3e2aa01bfc4885dcae4Mark Andrews<pre class="programlisting">channel default_syslog {
bf1263835e8e35421960f65088c043f42aacef13Mark Andrews syslog daemon; // send to syslog's daemon
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews severity info; // only send priority info
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrewschannel default_debug {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file "named.run"; // write to named.run in
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington // the working directory
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews // Note: stderr is used instead
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson // if the server is started
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater // with the '-f' option.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews severity dynamic; // log at the server's
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews // current debug level
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrewschannel default_stderr {
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews stderr; // writes to stderr
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews severity info; // only send priority info
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews // and higher
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrewschannel null {
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews null; // toss anything sent to
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews // this channel
a8644ebab678a1de66cbfaabb513651a739958afAutomatic Updater The <span><strong class="command">default_debug</strong></span> channel has the
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews property that it only produces output when the server's debug
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater nonzero. It normally writes to a file <code class="filename">named.run</code>
981fd9903a13ba8b13e181a9eee51f228c7204c1Automatic Updater in the server's working directory.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews For security reasons, when the "<code class="option">-u</code>"
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews command line option is used, the <code class="filename">named.run</code> file
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews is created only after <span><strong class="command">named</strong></span> has
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews changed to the
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson new UID, and any debug output generated while <span><strong class="command">named</strong></span> is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater starting up and still running as root is discarded. If you need
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews to capture this output, you must run the server with the "<code class="option">-g</code>"
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews option and redirect standard error to a file.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Once a channel is defined, it cannot be redefined. Thus you
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews cannot alter the built-in channels directly, but you can modify
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the default logging by pointing categories at channels you have
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h4 class="title">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<a name="the_category_phrase"></a>The <span><strong class="command">category</strong></span> Phrase</h4></div></div></div>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews There are many categories, so you can send the logs you want
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews to see wherever you want, without seeing logs you don't want. If
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews you don't specify a list of channels for a category, then log
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews in that category will be sent to the <span><strong class="command">default</strong></span> category
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews instead. If you don't specify a default category, the following
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews "default default" is used:
e49d15b398d34b76ceb51e50bcfea9501ade07b6Mark Andrews<pre class="programlisting">category default { default_syslog; default_debug; };
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews As an example, let's say you want to log security events to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews a file, but you also want to keep the default logging behavior. You'd
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews specify the following:
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews<pre class="programlisting">channel my_security_channel {
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews file "my_security_file";
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews severity info;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrewscategory security {
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews my_security_channel;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews default_syslog;
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews default_debug;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews To discard all messages in a category, specify the <span><strong class="command">null</strong></span> channel:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">category xfer-out { null; };
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrewscategory notify { null; };
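The channel and category rules described above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the BIND documentation or source: it flags file channels that set `size` without `versions` (where `named` stops writing once the cap is reached), file channels without `print-time`, redefinition of a built-in channel, and audit-relevant categories routed only to `null` or to a channel that can stall. The regex-based parsing, the finding names and the `AUDIT_CATEGORIES` selection are assumptions of this example.

```python
import re

BUILTIN_CHANNELS = {"default_syslog", "default_debug", "default_stderr", "null"}
# Assumption of this example: the categories an auditor most wants retained.
AUDIT_CATEGORIES = ("security", "update-security")

CHANNEL_RE = re.compile(r'\bchannel\s+([\w-]+)\s*\{(.*?)\}\s*;', re.S)
CATEGORY_RE = re.compile(r'\bcategory\s+([\w-]+)\s*\{(.*?)\}\s*;', re.S)
FILE_RE = re.compile(r'\bfile\s+"([^"]*)"([^;]*);')

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = '''
logging {
    channel capped_no_backups {
        file "security.log" size 20m;   // size cap but no versions
        severity info;
        print-time yes;
    };
    channel rotated {
        file "queries.log" versions 3 size 20m;
        print-time yes;
    };
    channel bare { file "update.log"; };
    channel default_debug { file "debug.log"; print-time yes; };
    category security { capped_no_backups; };
    category update-security { null; };
    category queries { rotated; };
};
'''


def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside quotes)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)


def parse_logging(conf):
    """Return ({channel: body}, {category: [channel names]}, [redefined names])."""
    conf = strip_comments(conf)
    channels, redefined = {}, []
    for name, body in CHANNEL_RE.findall(conf):
        # A channel cannot be redefined, and that includes the built-in ones.
        if name in channels or name in BUILTIN_CHANNELS:
            redefined.append(name)
        channels[name] = body
    categories = {}
    for name, body in CATEGORY_RE.findall(conf):
        categories[name] = [c.strip() for c in body.split(';') if c.strip()]
    return channels, categories, redefined


def audit(conf):
    """Return a list of (finding, subject) tuples for the logging configuration."""
    channels, categories, redefined = parse_logging(conf)
    findings = [("redefined-channel", name) for name in redefined]
    can_stall = set()
    for name, body in channels.items():
        m = FILE_RE.search(body)
        if m is None:
            continue  # syslog, stderr and null destinations have no size cap
        opts = m.group(2).split()
        if "size" in opts and "versions" not in opts:
            # Without backup versions, writing stops once the file exceeds size.
            can_stall.add(name)
            findings.append(("size-without-versions", name))
        # Only the "yes" form shown on the page is recognised here.
        if not re.search(r'\bprint-time\s+yes\b', body):
            findings.append(("no-timestamp", name))
    for cat in sorted(c for c in AUDIT_CATEGORIES if c in categories):
        targets = categories[cat]
        if all(t == "null" for t in targets):
            findings.append(("audit-category-discarded", cat))
        elif all(t in can_stall for t in targets):
            findings.append(("audit-category-can-stall", cat))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_CONF):
        print(f"{finding}: {subject}")
```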
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Following are the available categories and brief descriptions
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews of the types of log information they contain. More
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews categories may be added in future <span class="acronym">BIND</span> releases.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">default</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The default category defines the logging
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews options for those categories where no specific
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews configuration has been
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">general</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The catch-all. Many things still aren't
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews classified into categories, and they all end up here.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">database</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Messages relating to the databases used
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews internally by the name server to store zone and cache
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">security</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Approval and denial of requests.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">config</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Configuration file parsing and processing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">resolver</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews DNS resolution, such as the recursive
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews lookups performed on behalf of clients by a caching name
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">xfer-in</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Zone transfers the server is receiving.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">xfer-out</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Zone transfers the server is sending.
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews <p><span><strong class="command">notify</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The NOTIFY protocol.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">client</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Processing of client requests.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">unmatched</strong></span></p>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson Messages that named was unable to determine the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater class of or for which there was no matching <span><strong class="command">view</strong></span>.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews A one line summary is also logged to the <span><strong class="command">client</strong></span> category.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews This category is best sent to a file or stderr; by
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews default it is sent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">null</strong></span> channel.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">network</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Network operations.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <p><span><strong class="command">update</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Dynamic updates.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">update-security</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Approval and denial of update requests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">queries</strong></span></p>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Specify where queries should be logged to.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At startup, specifying the category <span><strong class="command">queries</strong></span> will also
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews enable query logging unless the <span><strong class="command">querylog</strong></span> option has been
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson The query log entry reports the client's IP address and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater port number. The
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews query name, class and type. It also reports whether the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Recursion Desired
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater flag was set (+ if set, - if not set), EDNS was in use
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater query was signed (S).
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="computeroutput">client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</code>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson <code class="computeroutput">client ::1#62537: query: www.example.net IN AAAA -SE</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">dispatch</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Dispatching of incoming packets to the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews server modules where they are to be processed.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">dnssec</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNSSEC and TSIG protocol processing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">lame-servers</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Lame servers. These are misconfigurations
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson in remote servers, discovered by BIND 9 when trying to
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews those servers during resolution.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews <p><span><strong class="command">delegation-only</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Delegation only. Logs queries that have
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews been forced to NXDOMAIN as the result of a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews delegation-only zone or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a <span><strong class="command">delegation-only</strong></span> in a
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson hint or stub zone declaration.
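The query log format described under the <code>queries</code> category, combined with the optional <code>print-</code> prefixes (always in the order time, category, severity), can be parsed and used for detection. The following is an added example, not code from BIND: it parses such lines for IPv4 and IPv6 clients and counts clients outside a trusted set that asked for recursion. The trusted networks, the function names and all sample lines except the two marked as taken from the page are constructed for illustration, and <code>E</code> is read as the EDNS marker.

```python
import ipaddress
import re
from collections import Counter

SEVERITIES = {"critical", "error", "warning", "notice", "info", "debug"}

LINE_RE = re.compile(
    r'^(?:(?P<time>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) )?'  # print-time
    r'(?:(?P<category>[a-z-]+): )?'                                       # print-category
    r'(?:(?P<severity>[a-z]+(?: \d+)?): )?'                               # print-severity
    r'client (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+): '
    r'query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-][A-Z]*)$'
)

# Assumed trusted client networks for this example.
TRUSTED_NETS = ["127.0.0.0/8", "::1/128", "192.0.2.0/24"]

SAMPLE_LOG = [
    "client 127.0.0.1#62536: query: www.example.com IN AAAA +SE",   # from the page
    "client ::1#62537: query: www.example.net IN AAAA -SE",         # from the page
    # Constructed lines below (documentation address ranges).
    "28-Feb-2000 15:05:32.863 queries: info: client 198.51.100.7#4021: query: a.example.org IN A +",
    "28-Feb-2000 15:05:33.101 queries: info: client 198.51.100.7#4022: query: b.example.org IN A +E",
    "info: client 2001:db8::53#5353: query: example.com IN MX -",
    "28-Feb-2000 15:05:32.863 general: notice: running",            # not a query entry
]


def parse_query_line(line):
    """Parse one query log line into a dict, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # With print-severity on and print-category off, the lone prefix is a severity.
    if rec["severity"] is None and rec["category"] in SEVERITIES:
        rec["severity"], rec["category"] = rec["category"], None
    try:
        rec["addr"] = ipaddress.ip_address(rec["addr"])
    except ValueError:
        return None
    rec["port"] = int(rec["port"])
    if rec["port"] > 65535:
        return None
    flags = rec.pop("flags")
    rec["recursion_desired"] = flags[0] == "+"   # + if RD was set, - if not
    rec["signed"] = "S" in flags
    rec["edns"] = "E" in flags
    rec["other_flags"] = "".join(c for c in flags[1:] if c not in "SE")
    return rec


def external_recursion_clients(lines, trusted_nets):
    """Count recursion-desired queries per client address outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = Counter()
    for line in lines:
        rec = parse_query_line(line)
        if rec is None or not rec["recursion_desired"]:
            continue
        if not any(rec["addr"] in net for net in nets):
            hits[str(rec["addr"])] += 1
    return hits


if __name__ == "__main__":
    for addr, count in external_recursion_clients(SAMPLE_LOG, TRUSTED_NETS).items():
        print(f"{addr}: {count} recursive queries from outside trusted networks")
```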
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2546289"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is the grammar of the <span><strong class="command">lwres</strong></span>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson statement in the <code class="filename">named.conf</code> file:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> listen-on { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews [<span class="optional"> view <em class="replaceable"><code>view_name</code></em>; </span>]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews [<span class="optional"> search { <em class="replaceable"><code>domain_name</code></em> ; [<span class="optional"> <em class="replaceable"><code>domain_name</code></em> ; ... </span>] }; </span>]
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews [<span class="optional"> ndots <em class="replaceable"><code>number</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h3 class="title">
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<a name="id2546362"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson The <span><strong class="command">lwres</strong></span> statement configures the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews server to also act as a lightweight resolver server, see
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>. There may be multiple
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews <span><strong class="command">lwres</strong></span> statements configuring
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews lightweight resolver servers with different properties.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson The <span><strong class="command">listen-on</strong></span> statement specifies a
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews addresses (and ports) that this instance of a lightweight resolver
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater should accept requests on. If no port is specified, port 921 is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If this statement is omitted, requests will be accepted on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">view</strong></span> statement binds this
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lightweight resolver daemon to a view in the DNS namespace, so that
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the response will be constructed in the same manner as a normal DNS
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews query matching this view. If this statement is omitted, the default view
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is used, and if there is no default view, an error is triggered.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews The <span><strong class="command">search</strong></span> statement is equivalent to
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews the <span><strong class="command">search</strong></span> statement in
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews <code class="filename">/etc/resolv.conf</code>. It provides a
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews list of domains
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews which are appended to relative names in queries.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">ndots</strong></span> statement is equivalent to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the <span><strong class="command">ndots</strong></span> statement in
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews <code class="filename">/etc/resolv.conf</code>. It indicates the
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson number of dots in a relative domain name that should result in an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater exact match lookup before search path elements are appended.
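The effect of search and ndots on lookup order, as an added example that is not part of the BIND documentation or source: it models the resolv.conf behaviour the two statements are described as equivalent to. The function names, the sample search list, and the rule that a name with fewer than ndots dots is tried as-is only after the search list are assumptions drawn from resolver conventions, not from this page.

```python
"""Which names does a stub resolver try for a given search list and ndots?

Added illustration, not BIND code. It models the resolv.conf(5) behaviour
that the lwres `search` and `ndots` statements are described as equivalent to.
"""


def candidate_names(name, search, ndots=1):
    """Return the absolute names that would be tried, in order.

    A real resolver stops at the first candidate that yields an answer, so
    every entry ahead of the intended one is a chance for an unintended match.
    """
    if not name or name.startswith(".") or ".." in name:
        raise ValueError(f"malformed name: {name!r}")

    # A trailing dot marks the name as absolute: no search processing at all.
    if name.endswith("."):
        return [name.lower()]

    name = name.lower()
    as_is = name + "."
    expanded = [
        f"{name}.{domain.strip('.').lower()}."
        for domain in search
        if domain.strip(".")  # skip empty entries
    ]

    # At or above the ndots threshold the exact name is tried first;
    # below it the search list is tried first and the exact name last
    # (assumed fallback, following resolver convention).
    if name.count(".") >= ndots:
        ordered = [as_is] + expanded
    else:
        ordered = expanded + [as_is]

    # Drop duplicates while keeping the query order.
    seen, result = set(), []
    for candidate in ordered:
        if candidate not in seen:
            seen.add(candidate)
            result.append(candidate)
    return result


def outside_controlled(candidates, controlled_suffixes):
    """Return the candidates that fall outside the operator's own suffixes.

    These are the names that would be looked up in namespace the operator
    does not control, which is what to review when choosing search and ndots.
    """
    suffixes = [s.strip(".").lower() for s in controlled_suffixes]

    def under(candidate, suffix):
        bare = candidate.rstrip(".")
        return bare == suffix or bare.endswith("." + suffix)

    return [c for c in candidates if not any(under(c, s) for s in suffixes)]


# Constructed sample values, not taken from any real configuration.
SEARCH = ["eng.example.com", "example.com"]
CONTROLLED = ["example.com"]

if __name__ == "__main__":
    for ndots, query in [(2, "build01"), (1, "db.eng"), (2, "www.example.org")]:
        names = candidate_names(query, SEARCH, ndots)
        print(f"ndots {ndots}  {query!r}")
        print("  tried in order:   ", names)
        print("  outside our zones:", outside_controlled(names, CONTROLLED))
```
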
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson<a name="id2546426"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews<div class="titlepage"><div><div><h3 class="title">
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews<a name="id2546470"></a><span><strong class="command">masters</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p><span><strong class="command">masters</strong></span>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews lists allow for a common set of masters to be easily used by
dd9ad704c3800e3ab07ede8595871eac79984871Mark Andrews multiple stub and slave zones.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h3 class="title">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<a name="id2546485"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews This is the grammar of the <span><strong class="command">options</strong></span>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews statement in the <code class="filename">named.conf</code> file:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> directory <em class="replaceable"><code>path_name</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> named-xfer <em class="replaceable"><code>path_name</code></em>; </span>]
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews [<span class="optional"> tkey-domain <em class="replaceable"><code>domainname</code></em>; </span>]
555d01f4c02295e896a26c649d0ffc8808a0bbdcAutomatic Updater [<span class="optional"> tkey-dhkey <em class="replaceable"><code>key_name</code></em> <em class="replaceable"><code>key_tag</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dump-file <em class="replaceable"><code>path_name</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> memstatistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> pid-file <em class="replaceable"><code>path_name</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> statistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> auth-nxdomain <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> deallocate-on-exit <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> fake-iquery <em class="replaceable"><code>yes_or_no</code></em>; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> fetch-glue <em class="replaceable"><code>yes_or_no</code></em>; </span>]
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson [<span class="optional"> flush-zones-on-shutdown <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> has-old-clients <em class="replaceable"><code>yes_or_no</code></em>; </span>]
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson [<span class="optional"> host-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> host-statistics-max <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> minimal-responses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> recursion <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
d0f1bbb621f111ff44bf2806bbc75a622a59feabAutomatic Updater [<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews [<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-enable <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-lookaside <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-must-be-secure <em class="replaceable"><code>domain yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> forward ( <em class="replaceable"><code>only</code></em> | <em class="replaceable"><code>first</code></em> ); </span>]
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater [<span class="optional"> forwarders { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ) ;
ea935c46e8261ea10621e5b038426539fe8a7cc5Mark Andrews ... }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
a8644ebab678a1de66cbfaabb513651a739958afAutomatic Updater ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-mx ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> integrity-checks <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-cache { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-recursion { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> query-source ( ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> )
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater [<span class="optional"> tcp-clients <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
ea935c46e8261ea10621e5b038426539fe8a7cc5Mark Andrews [<span class="optional"> tcp-listen-queue <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfers-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfers-out <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfers-per-ns <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
3a32066d653b39a3f602b697a0fb98a399b88f88Automatic Updater [<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater [<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> coresize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> datasize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> files <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> stacksize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> heartbeat-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> interface-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> statistics-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> topology { <em class="replaceable"><code>address_match_list</code></em> }</span>];
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sortlist { <em class="replaceable"><code>address_match_list</code></em> }</span>];
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> rrset-order { <em class="replaceable"><code>order_spec</code></em> ; [<span class="optional"> <em class="replaceable"><code>order_spec</code></em> ; ... </span>] </span>] };
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-roots <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> treat-cr-as-space <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ea935c46e8261ea10621e5b038426539fe8a7cc5Mark Andrews [<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> additional-from-auth <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> additional-from-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> random-device <em class="replaceable"><code>path_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> match-mapped-addresses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> preferred-glue ( <em class="replaceable"><code>A</code></em> | <em class="replaceable"><code>AAAA</code></em> | <em class="replaceable"><code>NONE</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> edns-udp-size <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>namelist</code></em> } </span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> querylog <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> disable-algorithms <em class="replaceable"><code>domain</code></em> { <em class="replaceable"><code>algorithm</code></em>; [<span class="optional"> <em class="replaceable"><code>algorithm</code></em>; </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-additional-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> acache-cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
5147281cb8e25c599d759dfa65fdb6f9125efefbMark Andrews [<span class="optional"> max-acache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
04eba969cb9a54bbda2896db2067c07b2ac5ba16Automatic Updater [<span class="optional"> max-clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="options"></a><span><strong class="command">options</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">options</strong></span> statement sets up global options
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to be used by <span class="acronym">BIND</span>. This statement
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may appear only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater once in a configuration file. If there is no <span><strong class="command">options</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement, an options block with each option set to its default will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">directory</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The working directory of the server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Any non-absolute pathnames in the configuration file will be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as relative to this directory. The default location for most
5147281cb8e25c599d759dfa65fdb6f9125efefbMark Andrews output files (e.g. <code class="filename">named.run</code>)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is this directory.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If a directory is not specified, the working directory
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defaults to `<code class="filename">.</code>', the directory from
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which the server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater was started. The directory specified should be an absolute
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When performing dynamic update of secure zones, the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater directory where the public and private key files should be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater if different than the current working directory. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater directory specified
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater must be an absolute path.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>This option is obsolete.</em></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater It was used in <span class="acronym">BIND</span> 8 to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specify the pathname to the <span><strong class="command">named-xfer</strong></span> program.
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater In <span class="acronym">BIND</span> 9, no separate <span><strong class="command">named-xfer</strong></span> program is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater needed; its functionality is built into the name server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">tkey-domain</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The domain appended to the names of all
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater shared keys generated with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">TKEY</strong></span>. When a client
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater requests a <span><strong class="command">TKEY</strong></span> exchange, it
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may or may not specify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the desired name for the key. If present, the name of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key will be "<code class="varname">client specified part</code>" +
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "<code class="varname">tkey-domain</code>".
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Otherwise, the name of the shared key will be "<code class="varname">random hex
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterdigits</code>" + "<code class="varname">tkey-domain</code>". In most cases,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">domainname</strong></span> should be the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's domain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">tkey-dhkey</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The Diffie-Hellman key used by the server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to generate shared keys with clients using the Diffie-Hellman
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of <span><strong class="command">TKEY</strong></span>. The server must be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater able to load the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater public and private keys from files in the working directory.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater most cases, the keyname should be the server's host name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">dump-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server dumps
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the database to when instructed to do so with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">rndc dumpdb</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named_dump.db</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">memstatistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server writes memory
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater usage statistics to on exit. If not specified,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the default is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">named.memstats</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">pid-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server writes its process ID
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in. If not specified, the default is <code class="filename">/var/run/named.pid</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pid-file is used by programs that want to send signals to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name server. Specifying <span><strong class="command">pid-file none</strong></span> disables the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use of a PID file — no file will be written and any
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater existing one will be removed. Note that <span><strong class="command">none</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is a keyword, not a file name, and therefore is not enclosed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater double quotes.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">statistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server appends statistics
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to when instructed to do so using <span><strong class="command">rndc stats</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named.stats</code> in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's current directory. The format of the file is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">port</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The UDP/TCP port number the server uses for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater receiving and sending DNS protocol traffic.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The default is 53. This option is mainly intended for server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a server using a port other than 53 will not be able to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater communicate with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the global DNS.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">random-device</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The source of entropy to be used by the server. Entropy is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater primarily needed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for DNSSEC operations, such as TKEY transactions and dynamic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater update of signed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zones. This option specifies the device (or file) from which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater entropy. If this is a file, operations requiring entropy will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file has been exhausted. If not specified, the default value
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (or equivalent) when present, and none otherwise. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">random-device</strong></span> option takes
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the initial configuration load at server startup time and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is ignored on subsequent reloads.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">preferred-glue</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If specified, the listed type (A or AAAA) will be emitted
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater before other glue
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the additional section of a query response.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The default is not to prefer any type (NONE).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">root-delegation-only</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Turn on enforcement of delegation-only in TLDs and root zones
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater with an optional
f8448666aa53603696bea83de971a05007735d8fMark Andrews exclude list.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note some TLDs are NOT delegation only (e.g. "DE", "LV", "US"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and "MUSEUM").
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">disable-algorithms</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Disable the specified DNSSEC algorithms at and below the
5147281cb8e25c599d759dfa65fdb6f9125efefbMark Andrews specified name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Multiple <span><strong class="command">disable-algorithms</strong></span>
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater statements are allowed.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater Only the most specific will be applied.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson<dt><span class="term"><span><strong class="command">dnssec-lookaside</strong></span></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews When set <span><strong class="command">dnssec-lookaside</strong></span>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson validator with an alternate method to validate DNSKEY records
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater top of a zone. When a DNSKEY is at or below a domain
dde4bc92964ec60a35212dfed59562580e3265e3Mark Andrews specified by the
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater deepest <span><strong class="command">dnssec-lookaside</strong></span>, and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the normal DNSSEC validation
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater has left the key untrusted, the trust-anchor will be appended to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name and a DLV record will be looked up to see if it can
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater key. If the DLV record validates a DNSKEY (similarly to the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater record does) the DNSKEY RRset is deemed to be trusted.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<dt><span class="term"><span><strong class="command">dnssec-must-be-secure</strong></span></span></dt>
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews Specify hierarchies which must / may not be secure (signed and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong> then named will only accept
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater answers if they
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>no</code></strong> then normal DNSSEC validation
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allowing for insecure answers to be accepted.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The specified domain must be under a <span><strong class="command">trusted-key</strong></span> or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dnssec-lookaside</strong></span> must be
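The "only the most specific will be applied" rule for <code>disable-algorithms</code>, worked through as an added example; it is not part of the BIND documentation or ISC's code. It assumes that "most specific" means the statement whose name is the longest label-wise suffix of the name being validated; the sample statements, the algorithm mnemonics in them and all function names are constructed for the illustration.

```python
import re

# Constructed sample: three statements as they might appear inside options { }.
SAMPLE_OPTIONS = '''
    disable-algorithms "example.com" { RSAMD5; DSA; };
    disable-algorithms "legacy.example.com." { RSAMD5; };
    disable-algorithms "." { RSAMD5; };
'''

# name (optionally quoted), then a brace-delimited, semicolon-separated list
_STMT = re.compile(r'disable-algorithms\s+"?([^\s"{]+)"?\s*\{([^}]*)\}\s*;')


def labels(name):
    """Split a domain name into lower-case labels; the root is the empty tuple."""
    name = name.strip().rstrip(".").lower()
    return tuple(name.split(".")) if name else ()


def parse_disable_algorithms(text):
    """Return {labels of the statement's name: set of algorithm mnemonics}."""
    table = {}
    for name, body in _STMT.findall(text):
        algs = {a.strip().upper() for a in body.split(";") if a.strip()}
        table[labels(name)] = algs
    return table


def governing_statement(table, qname):
    """Return the labels of the statement that governs qname, or None.

    A statement applies "at and below" its name, so it matches when its
    labels are a suffix of qname's labels. Comparison is per label, so
    "notexample.com" is not below "example.com". Of all matches, only the
    deepest one is kept.
    """
    q = labels(qname)
    best = None
    for owner in table:
        n = len(owner)
        if n <= len(q) and q[len(q) - n:] == owner:
            if best is None or n > len(best):
                best = owner
    return best


def disabled_algorithms(table, qname):
    """Algorithms disabled for qname: those of the governing statement only.

    Lists are NOT merged up the tree. A deeper statement replaces, rather
    than extends, whatever a shallower statement disabled.
    """
    owner = governing_statement(table, qname)
    return set() if owner is None else set(table[owner])


def audit(table, qnames):
    """For each name, report the governing statement and the algorithms a
    shallower matching statement disables that the governing one does not."""
    findings = []
    for qname in qnames:
        owner = governing_statement(table, qname)
        if owner is None:
            findings.append((qname, None, set()))
            continue
        q = labels(qname)
        shallower = set()
        for other, algs in table.items():
            n = len(other)
            if n < len(owner) and q[len(q) - n:] == other:
                shallower |= algs
        findings.append((qname, ".".join(owner) or ".", shallower - table[owner]))
    return findings


if __name__ == "__main__":
    tbl = parse_disable_algorithms(SAMPLE_OPTIONS)
    for qname, owner, dropped in audit(
        tbl, ["www.example.com", "host.legacy.example.com", "notexample.com"]
    ):
        print(f"{qname}: governed by {owner}; "
              f"disabled={sorted(disabled_algorithms(tbl, qname))}; "
              f"not inherited from parents={sorted(dropped)}")
```

In the sample, DSA is disabled at <code>example.com</code> but not below <code>legacy.example.com</code>, because the deeper statement lists only RSAMD5; a child statement has to repeat every algorithm that should stay disabled.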
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="boolean_options"></a>Boolean Options</h4></div></div></div>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<dt><span class="term"><span><strong class="command">auth-nxdomain</strong></span></span></dt>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater If <strong class="userinput"><code>yes</code></strong>, then the <span><strong class="command">AA</strong></span> bit
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater is always set on NXDOMAIN responses, even if the server is
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater authoritative. The default is <strong class="userinput"><code>no</code></strong>;
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews a change from <span class="acronym">BIND</span> 8. If you
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater are using very old DNS software, you
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews may need to set it to <strong class="userinput"><code>yes</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">deallocate-on-exit</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This option was used in <span class="acronym">BIND</span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 8 to enable checking
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for memory leaks on exit. <span class="acronym">BIND</span> 9 ignores the option and always performs
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">dialup</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, then the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server treats all zones as if they are doing zone transfers
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a dial on demand dialup link, which can be brought up by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater originating from this server. This has different effects
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to zone type and concentrates the zone maintenance so that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater happens in a short interval, once every <span><strong class="command">heartbeat-interval</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hopefully during the one call. It also suppresses some of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone maintenance traffic. The default is <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">dialup</strong></span> option
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may also be specified in the <span><strong class="command">view</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">zone</strong></span> statements,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in which case it overrides the global <span><strong class="command">dialup</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If the zone is a master zone then the server will send out a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater request to all the slaves (default). This should trigger the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number check in the slave (providing it supports NOTIFY)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allowing the slave
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to verify the zone while the connection is active.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The set of servers to which NOTIFY is sent can be controlled
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">notify</strong></span> and <span><strong class="command">also-notify</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone is a slave or stub zone, then the server will suppress
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "zone up to date" (refresh) queries and only perform them
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">heartbeat-interval</strong></span> expires in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater addition to sending
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater NOTIFY requests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Finer control can be achieved by using
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater <strong class="userinput"><code>notify</code></strong> which only sends NOTIFY
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>notify-passive</code></strong> which sends NOTIFY
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater suppresses the normal refresh queries, <strong class="userinput"><code>refresh</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which suppresses normal refresh processing and sends refresh
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater when the <span><strong class="command">heartbeat-interval</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>passive</code></strong> which just disables normal
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater normal refresh
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater heart-beat refresh
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater heart-beat notify
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">no</strong></span> (default)</p>
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews <p><span><strong class="command">yes</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">notify</strong></span></p>
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews <p><span><strong class="command">refresh</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">passive</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">notify-passive</strong></span></p>
6f046a065e5543f8cd7e2f24991c65d2372f4c8dMark Andrews Note that normal NOTIFY processing is not affected by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dialup</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">fake-iquery</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In <span class="acronym">BIND</span> 8, this option
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater enabled simulating the obsolete DNS query type
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IQUERY. <span class="acronym">BIND</span> 9 never does
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IQUERY simulation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">fetch-glue</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This option is obsolete.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In BIND 8, <strong class="userinput"><code>fetch-glue yes</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater caused the server to attempt to fetch glue resource records
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater didn't have when constructing the additional
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater data section of a response. This is now considered a bad
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater and BIND 9 never does it.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater When the nameserver exits due to receiving SIGTERM,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater flush / do not flush any pending zone writes. The default
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater <span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">has-old-clients</strong></span></span></dt>
1b588ff54e83f082c186c713c4ea1112f8c823f8Mark Andrews This option was incorrectly implemented
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in <span class="acronym">BIND</span> 8, and is ignored by <span class="acronym">BIND</span> 9.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater To achieve the intended effect
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the two separate options <span><strong class="command">auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and <span><strong class="command">rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">host-statistics</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In BIND 8, this enables keeping of
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater statistics for every host that the name server interacts
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater Not implemented in BIND 9.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<dt><span class="term"><span><strong class="command">maintain-ixfr-base</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>This option is obsolete</em></span>.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater It was used in <span class="acronym">BIND</span> 8 to
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater determine whether a transaction log was
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater kept for Incremental Zone Transfer. <span class="acronym">BIND</span> 9 maintains a transaction
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater log whenever possible. If you need to disable outgoing
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater incremental zone
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater transfers, use <span><strong class="command">provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<dt><span class="term"><span><strong class="command">minimal-responses</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, then when generating
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews responses the server will only add records to the authority
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and additional data sections when they are required (e.g.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delegations, negative responses). This may improve the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater performance of the server.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington The default is <strong class="userinput"><code>no</code></strong>.
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<dt><span class="term"><span><strong class="command">multiple-cnames</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This option was used in <span class="acronym">BIND</span> 8 to allow
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a domain name to have multiple CNAME records in violation of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the DNS standards. <span class="acronym">BIND</span> 9.2 onwards
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater always strictly enforces the CNAME rules both in master
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater files and dynamic updates.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">notify</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong> (the default),
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS NOTIFY messages are sent when a zone the server is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater authoritative for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater changes, see <a href="Bv9ARM.ch04.html#notify" title="Notify">the section called “Notify”</a>. The messages are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater servers listed in the zone's NS records (except the master
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server identified
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the SOA MNAME field), and to any servers listed in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">also-notify</strong></span> option.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews If <strong class="userinput"><code>master-only</code></strong>, notifies are only
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews for master zones.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>explicit</code></strong>, notifies are sent only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater servers explicitly listed using <span><strong class="command">also-notify</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>no</code></strong>, no notifies are sent.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">notify</strong></span> option may also be
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington specified in the <span><strong class="command">zone</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in which case it overrides the <span><strong class="command">options notify</strong></span> statement.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater It would only be necessary to turn off this option if it
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">recursion</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, and a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS query requests recursion, then the server will attempt
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews all the work required to answer the query. If recursion is
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson and the server does not already know the answer, it will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater referral response. The default is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>yes</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that setting <span><strong class="command">recursion no</strong></span> does not prevent
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews clients from getting data from the server's cache; it only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater prevents new data from being cached as an effect of client
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Caching may still occur as an effect of the server's internal
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater operation, such as NOTIFY address lookups.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater See also <span><strong class="command">fetch-glue</strong></span> above.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater<dt><span class="term"><span><strong class="command">rfc2308-type1</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Setting this to <strong class="userinput"><code>yes</code></strong> will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington cause the server to send NS records along with the SOA
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater record for negative
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington answers. The default is <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Not yet implemented in <span class="acronym">BIND</span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">use-id-pool</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>This option is obsolete</em></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="acronym">BIND</span> 9 always allocates query
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IDs from a pool.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">zone-statistics</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, the server will collect
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statistical data on all zones (unless specifically turned
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater on a per-zone basis by specifying <span><strong class="command">zone-statistics no</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the <span><strong class="command">zone</strong></span> statement).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater These statistics may be accessed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using <span><strong class="command">rndc stats</strong></span>, which will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater dump them to the file listed
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington in the <span><strong class="command">statistics-file</strong></span>. See
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater also <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<dt><span class="term"><span><strong class="command">use-ixfr</strong></span></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span class="emphasis"><em>This option is obsolete</em></span>.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews If you need to disable IXFR to a particular server or
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews the information on the <span><strong class="command">provide-ixfr</strong></span> option
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Usage”</a>.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called “Incremental Zone Transfers (IXFR)”</a>.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<dt><span class="term"><span><strong class="command">provide-ixfr</strong></span></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews See the description of
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews <span><strong class="command">provide-ixfr</strong></span> in
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews Usage”</a>
<dt><span class="term"><span><strong class="command">request-ixfr</strong></span></span></dt>
 See the description of
 <span><strong class="command">request-ixfr</strong></span> in
 <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and Usage”</a>.
<dt><span class="term"><span><strong class="command">treat-cr-as-space</strong></span></span></dt>
 This option was used in <span class="acronym">BIND</span> 8 to make
 the server treat carriage return ("<span><strong class="command">\r</strong></span>") characters the same way
 as a space or tab character,
 to facilitate loading of zone files on a UNIX system that
 were generated
 on an NT or DOS machine. In <span class="acronym">BIND</span> 9, both UNIX "<span><strong class="command">\n</strong></span>"
 and NT/DOS "<span><strong class="command">\r\n</strong></span>" newlines
 are always accepted,
 and the option is ignored.
<span class="term"><span><strong class="command">additional-from-auth</strong></span>, </span><span class="term"><span><strong class="command">additional-from-cache</strong></span></span>
 These options control the behavior of an authoritative server when
 answering queries which have additional data, or when
 following CNAME
 and DNAME chains.
 When both of these options are set to <strong class="userinput"><code>yes</code></strong>
 (the default) and a
 query is being answered from authoritative data (a zone
 configured into the server), the additional data section of the
 reply will be filled in using data from other authoritative zones
 and from the cache. In some situations this is undesirable, such
 as when there is concern over the correctness of the cache, or
 in servers where slave zones may be added and modified by
 untrusted third parties. Also, avoiding
 the search for this additional data will speed up server operations
 at the possible expense of additional queries to resolve what would
 otherwise be provided in the additional section.
 For example, if a query asks for an MX record for host <code class="literal">foo.example.com</code>,
 and the record found is "<code class="literal">MX 10 mail.example.net</code>", normally the address
 records (A and AAAA) for <code class="literal">mail.example.net</code> will be provided as well,
 if known, even though they are not in the example.com zone.
 Setting these options to <span><strong class="command">no</strong></span>
 disables this behavior and makes
 the server only search for additional data in the zone it
 answers from.
 These options are intended for use in authoritative-only
 servers, or in authoritative-only views. Attempts to set
 them to <span><strong class="command">no</strong></span> without also specifying
 <span><strong class="command">recursion no</strong></span> will cause the server to
 ignore the options and log a warning message.
 Specifying <span><strong class="command">additional-from-cache no</strong></span> actually
 disables the use of the cache not only for additional data lookups
 but also when looking up the answer. This is usually the desired
 behavior in an authoritative-only server where the
 correctness of
 the cached data is an issue.
 When a name server is non-recursively queried for a name that is not
 below the apex of any served zone, it normally answers with an
 "upwards referral" to the root servers or the servers of some other
 known parent of the query name. Since the data in an
 upwards referral
 comes from the cache, the server will not be able to provide upwards
 referrals when <span><strong class="command">additional-from-cache no</strong></span>
 has been specified. Instead, it will respond to such queries
 with REFUSED. This should not cause any problems since
 upwards referrals are not required for the resolution process.
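 The rule above (the additional-from-* options are ignored unless recursion is also off) can be checked before a configuration is deployed. The following Python sketch is an added example, not part of the BIND distribution; the sample configuration is constructed, the parser handles only the simple statement forms shown, and it assumes that a view inherits any setting it does not override from the options block.

```python
import re

# Constructed sample configuration (not taken from the BIND documentation).
SAMPLE_CONF = '''
// constructed sample
options {
    directory "/var/named";
    additional-from-auth no;
    additional-from-cache no;
};
view "external" {
    match-clients { any; };
    recursion no;
    additional-from-cache no;
};
view "internal" {
    match-clients { 10.0.0.0/8; };
    additional-from-auth no;
};
'''

WATCHED = ("additional-from-auth", "additional-from-cache")
NO_VALUES = {"no", "false", "0"}


def top_level_blocks(text):
    """Return (header, body) for each top-level 'header { body };' statement."""
    blocks, depth, start, header_start, header = [], 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                blocks.append((header, text[start:i]))
        elif ch == ";" and depth == 0:
            header_start = i + 1
    return blocks


def direct_settings(body):
    """Collect 'name value;' statements written directly in a block,
    skipping anything inside nested braces (zones, address match lists)."""
    settings, depth, stmt = {}, 0, []
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        elif ch == ";" and depth == 0:
            words = "".join(stmt).split()
            if len(words) == 2:
                settings[words[0]] = words[1].strip('"')
            stmt = []
        elif depth == 0:
            stmt.append(ch)
    return settings


def ignored_additional_options(conf_text):
    """Return (scope, option) pairs where an additional-from-* option is set
    to 'no' while recursion is still enabled in that scope, which is the
    combination the server ignores with a warning."""
    # Simplification: comment markers inside quoted strings are not handled.
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    options, views = {}, []
    for header, body in top_level_blocks(text):
        words = header.split()
        if words[:1] == ["options"]:
            options = direct_settings(body)
        elif words[:1] == ["view"] and len(words) >= 2:
            views.append((words[1].strip('"'), direct_settings(body)))
    # With views defined, each view is evaluated with the options block as
    # its defaults (assumption stated above); otherwise options stands alone.
    scopes = views or [("options", {})]
    findings = []
    for name, own in scopes:
        effective = {**options, **own}
        if effective.get("recursion", "yes") not in NO_VALUES:
            findings += [(name, opt) for opt in WATCHED
                         if effective.get(opt, "yes") in NO_VALUES]
    return findings


if __name__ == "__main__":
    for scope, option in ignored_additional_options(SAMPLE_CONF):
        print(f"{scope}: '{option} no' has no effect without 'recursion no'")
```

 In the constructed sample only the "internal" view is reported: it inherits <span><strong class="command">additional-from-cache no</strong></span> from the options block and sets <span><strong class="command">additional-from-auth no</strong></span> itself, but never turns recursion off.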
<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
 If <strong class="userinput"><code>yes</code></strong>, then an
 IPv4-mapped IPv6 address will match any address match
 list entries that match the corresponding IPv4 address.
 Enabling this option is sometimes useful on IPv6-enabled
 systems, to work around a kernel quirk that causes IPv4
 TCP connections such as zone transfers to be accepted
 on an IPv6 socket using mapped addresses, causing
 address match lists designed for IPv4 to fail to match.
 The use of this option for any other purpose is discouraged.
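 The mismatch described above can be reproduced with a small model of an address match list. The following Python sketch is an added example, not BIND code: it supports only IP prefixes with optional "!" negation and first-match-wins evaluation, and the function name, ACLs and peer addresses are constructed for illustration.

```python
import ipaddress


def acl_allows(peer, acl, match_mapped_addresses=False):
    """Evaluate a simplified address match list against a peer address.

    acl is an ordered list of prefixes; a leading '!' negates the entry and
    the first entry that matches decides the result. When
    match_mapped_addresses is true, an IPv4-mapped IPv6 peer such as
    ::ffff:192.0.2.53 is also compared in its IPv4 form.
    """
    addr = ipaddress.ip_address(peer)
    forms = [addr]
    if (match_mapped_addresses and addr.version == 6
            and addr.ipv4_mapped is not None):
        forms.append(addr.ipv4_mapped)
    for entry in acl:
        negated = entry.startswith("!")
        net = ipaddress.ip_network(entry.lstrip("!"), strict=False)
        if any(f.version == net.version and f in net for f in forms):
            return not negated
    return False  # nothing matched


# Constructed ACL written for IPv4 secondaries, e.g. for allow-transfer.
TRANSFER_ACL = ["!192.0.2.66", "192.0.2.0/24"]

# Constructed peers: the same secondary seen natively and as the kernel
# reports it on an IPv6 socket, an excluded host, and a real IPv6 client.
PEERS = ["192.0.2.53", "::ffff:192.0.2.53", "::ffff:192.0.2.66", "2001:db8::1"]


def transfer_decisions(match_mapped_addresses):
    """Return {peer: allowed} for the constructed peers."""
    return {p: acl_allows(p, TRANSFER_ACL, match_mapped_addresses)
            for p in PEERS}


if __name__ == "__main__":
    for flag in (False, True):
        print(f"match-mapped-addresses {'yes' if flag else 'no'}:")
        for peer, allowed in transfer_decisions(flag).items():
            print(f"  {peer:22} {'allowed' if allowed else 'refused'}")
```

 With the option off, the legitimate secondary is refused when it arrives as ::ffff:192.0.2.53; with the option on it is allowed, and the negated entry still applies to the mapped form of the excluded host.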
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
 When set to 'yes', and the server loads a new version of a master
 zone from its zone file or receives a new version of a slave
 file by a non-incremental zone transfer, it will compare
 the new version to the previous one and calculate a set
 of differences. The differences are then logged in the
 zone's journal file such that the changes can be transmitted
 to downstream slaves as an incremental zone transfer.
is determined by the presence of the logging category <span><strong class="command">queries</strong></span>.
<span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>.
stacked then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
of the requesting system. See <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a> for
<a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for details.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
access control to attacks; see <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a>
receive zone transfers from the server. <span><strong class="command">allow-transfer</strong></span> may
case it overrides the <span><strong class="command">options allow-transfer</strong></span> statement.
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
a random unprivileged port will be used, <span><strong class="command">avoid-v4-udp-ports</strong></span>
quickly converge on stealth servers. If an <span><strong class="command">also-notify</strong></span> list
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
the load on the remote name server. <span><strong class="command">transfers-per-ns</strong></span> may
be overridden on a per-server basis by using the <span><strong class="command">transfers</strong></span> phrase
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.
(<a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file
<dt><span class="term"><span><strong class="command">host-statistics-max</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">statistics-interval</strong></span></span></dt>
topologically closest to itself. The <span><strong class="command">topology</strong></span> statement
<a name="the_sortlist_statement"></a>The <span><strong class="command">sortlist</strong></span> Statement</h4></div></div></div>
statement in <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>).
does (<a href="Bv9ARM.ch06.html#topology" title="Topology">the section called “Topology”</a>).
an IP prefix, an ACL name or a nested <span><strong class="command">address_match_list</strong></span>)
<a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a>.
class IN type A name "host.example.com" order random;
<span><strong class="command">max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
of dynamic updates (<a href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called “Dynamic Update”</a>)
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
<a href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called “Additional File Formats”</a>).
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called “<span><strong class="command">view</strong></span> Statement Grammar”</a>) of
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
with the line <span><strong class="command">--- Statistics Dump --- (973798949)</strong></span>, where the
<dt><span class="term"><span><strong class="command">use-additional-cache</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">acache-cleaning-interval</strong></span></span></dt>
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em> ; ]</span>]
[<span class="optional"> keys <em class="replaceable"><code>{ string ; [<span class="optional"> string ; [<span class="optional">...</span>]</span>] }</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
<a name="server_statement_definition_and_usage"></a><span><strong class="command">server</strong></span> Statement Definition and
value of <span><strong class="command">bogus</strong></span> is <span><strong class="command">no</strong></span>.
The server supports two zone transfer methods. The first, <span><strong class="command">one-answer</strong></span>,
uses one DNS message per resource record transferred. <span><strong class="command">many-answers</strong></span> packs
as many resource records as possible into a message. <span><strong class="command">many-answers</strong></span> is
more efficient, but is only known to be understood by <span class="acronym">BIND</span> 9, <span class="acronym">BIND</span>
<span><strong class="command">key_id</strong></span> defined by the <span><strong class="command">key</strong></span> statement,
to be used for transaction security (TSIG, <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
<a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<a name="id2554265"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2554314"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called “DNSSEC”</a>. A
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2554453"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
// Provide a complete view of the example.com zone
zone "example.com" {
file "example-internal.db";
// Provide a restricted view of the example.com zone
zone "example.com" {
file "example-external.db";
<pre class="programlisting">zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] [<span class="optional">{
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-policy { <em class="replaceable"><code>update_policy_rule</code></em> [<span class="optional">...</span>] }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> integrity-checks <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
<a name="id2555184"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
status of infrastructure zones (e.g. COM, NET, ORG).
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.
This is applicable to <span><strong class="command">master</strong></span> and <span><strong class="command">slave</strong></span> zones.
<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>
<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
network. The default varies according to zone type. For <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>. For <span><strong class="command">slave</strong></span>
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-wildcard</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">integrity-check</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">dialup</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
after trying the forwarders and getting no answer, while <span><strong class="command">first</strong></span> would
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<span><strong class="command">max-transfer-time-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<span><strong class="command">max-transfer-time-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
zones when they are loaded from disk. <span class="acronym">BIND</span> 9 does not verify signatures
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
<span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<span><strong class="command">notify-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<span><strong class="command">notify-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
See the description in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
option, and are only meaningful for master zones. When the <span><strong class="command">update-policy</strong></span> statement
is present, it is a configuration error for the <span><strong class="command">allow-update</strong></span> statement
( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> <em class="replaceable"><code>name</code></em> [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
that a particular nearby server be tried first. See <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a> and <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>.
built-in server information zones, e.g.,
any order), and if neither of those succeed, delivery to <code class="literal">mail.backup.org</code> will
and PTR records. Entries in the in-addr.arpa domain are made in
in-addr.arpa name of
3.2.1.10.in-addr.arpa. This name should have a PTR resource record
Master File Directives include <span><strong class="command">$ORIGIN</strong></span>, <span><strong class="command">$INCLUDE</strong></span>,
<a name="id2559959"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
$ORIGIN example.com.
<a name="id2560020"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
if it were included into the file at this point. If <span><strong class="command">origin</strong></span> is
revert to the values they had prior to the <span><strong class="command">$INCLUDE</strong></span> once
<a name="id2560089"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2560125"></a><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
Classless IN-ADDR.ARPA delegation.
The <span><strong class="command">$GENERATE</strong></span> directive is a <span class="acronym">BIND</span> extension