Bv9ARM.ch06.html revision ceeb18e6907a10547859faa340ecad83bedae90c
499b34cea04a46823d003d4c0520c8b03e8513cbBrian Wellington - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - Permission to use, copy, modify, and distribute this software for any
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - purpose with or without fee is hereby granted, provided that the above
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - copyright notice and this permission notice appear in all copies.
15a44745412679c30a6d022733925af70a38b715David Lawrence - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15a44745412679c30a6d022733925af70a38b715David Lawrence - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15a44745412679c30a6d022733925af70a38b715David Lawrence - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15a44745412679c30a6d022733925af70a38b715David Lawrence - PERFORMANCE OF THIS SOFTWARE.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<!-- $Id: Bv9ARM.ch06.html,v 1.150 2007/03/06 00:24:45 marka Exp $ -->
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<title>Chapter�6.�BIND 9 Configuration Reference</title>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
899f7f9af527d3dfe8345dcc8210d7c23fc950afDavid Lawrence<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c4717613e45323ed23dc6e9162cba89f1f83830cDavid Lawrence<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter�5.�The BIND 9 Lightweight Resolver">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<link rel="next" href="Bv9ARM.ch07.html" title="Chapter�7.�BIND 9 Security Considerations">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
8f804834e2b537da5c8bc81f986143a46147b490Andreas Gustafsson<table width="100%" summary="Navigation header">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<tr><th colspan="3" align="center">Chapter�6.�<acronym class="acronym">BIND</acronym> 9 Configuration Reference</th></tr>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a accesskey="p" href="Bv9ARM.ch05.html">Prev</a>�</td>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch07.html">Next</a>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h2 class="title">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="Bv9ARM.ch06"></a>Chapter�6.�<acronym class="acronym">BIND</acronym> 9 Configuration Reference</h2></div></div></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573490">Comment Syntax</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574102"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574292"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574789"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574804"><span><strong class="command">include</strong></span> Statement Definition and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574827"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574849"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574939"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575065"><span><strong class="command">logging</strong></span> Statement Definition and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576484"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576557"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576621"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576665"><span><strong class="command">masters</strong></span> Statement Definition and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576680"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
d409ceeda41a256e8114423674d844d5f5035ee8Bob Halley<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585339"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585388"><span><strong class="command">trusted-keys</strong></span> Statement Definition
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585468"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
8f804834e2b537da5c8bc81f986143a46147b490Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586845"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589128">Zone File</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591081">Discussion of MX Records</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591701">Inverse Mapping in IPv4</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591896">Other Zone File Directives</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592153"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <acronym class="acronym">BIND</acronym> 9 configuration is broadly similar
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence to <acronym class="acronym">BIND</acronym> 8; however, there are a few new
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence of configuration, such as views. <acronym class="acronym">BIND</acronym>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence 8 configuration files should work with few alterations in <acronym class="acronym">BIND</acronym>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence 9, although more complex configurations should be reviewed to check
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence if they can be more efficiently implemented using the new features
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence found in <acronym class="acronym">BIND</acronym> 9.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <acronym class="acronym">BIND</acronym> 4 configuration files can be
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence converted to the new format
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence using the shell script
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <code class="filename">contrib/named-bootconf/named-bootconf.sh</code>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h2 class="title" style="clear: both">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="configuration_file_elements"></a>Configuration File Elements</h2></div></div></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Following is a list of elements used throughout the <acronym class="acronym">BIND</acronym> configuration
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence file documentation:
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The name of an <code class="varname">address_match_list</code> as
5fe5a0c02634eaadfcbc3528bf2c184557110a3bAndreas Gustafsson defined by the <span><strong class="command">acl</strong></span> statement.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <code class="varname">address_match_list</code>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence A list of one or more
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence <code class="varname">ip_prefix</code>, <code class="varname">key_id</code>,
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence or <code class="varname">acl_name</code> elements, see
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a>.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence A named list of one or more <code class="varname">ip_addr</code>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence with optional <code class="varname">key_id</code> and/or
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence A <code class="varname">masters_list</code> may include other
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence A quoted string which will be used as
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence a DNS name, for example "<code class="literal">my.test.domain</code>".
c4717613e45323ed23dc6e9162cba89f1f83830cDavid Lawrence One to four integers valued 0 through
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence 255 separated by dots (`.'), such as <span><strong class="command">123</strong></span>,
c4717613e45323ed23dc6e9162cba89f1f83830cDavid Lawrence <span><strong class="command">45.67</strong></span> or <span><strong class="command">89.123.45.67</strong></span>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence An IPv4 address with exactly four elements
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence in <code class="varname">dotted_decimal</code> notation.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence An IPv6 address, such as <span><strong class="command">2001:db8::1234</strong></span>.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence IPv6 scoped addresses that have ambiguity on their
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence scope zones must be disambiguated by an appropriate
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence zone ID with the percent character (`%') as
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence delimiter. It is strongly recommended to use
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence string zone names rather than numeric identifiers,
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence in order to be robust against system configuration
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence changes. However, since there is no standard
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence mapping for such names and identifier values,
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence currently only interface names as link identifiers
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence are supported, assuming one-to-one mapping between
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence interfaces and links. For example, a link-local
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence address <span><strong class="command">fe80::1</strong></span> on the link
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence attached to the interface <span><strong class="command">ne0</strong></span>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence can be specified as <span><strong class="command">fe80::1%ne0</strong></span>.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence Note that on most systems link-local addresses
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence always have the ambiguity, and need to be
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence disambiguated.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence An <code class="varname">ip4_addr</code> or <code class="varname">ip6_addr</code>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence An IP port <code class="varname">number</code>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <code class="varname">number</code> is limited to 0
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence through 65535, with values
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence below 1024 typically restricted to use by processes running
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence In some cases, an asterisk (`*') character can be used as a
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence placeholder to
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence select a random high-numbered port.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence An IP network specified as an <code class="varname">ip_addr</code>,
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence followed by a slash (`/') and then the number of bits in the
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence Trailing zeros in a <code class="varname">ip_addr</code>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence For example, <span><strong class="command">127/8</strong></span> is the
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence network <span><strong class="command">127.0.0.0</strong></span> with
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence netmask <span><strong class="command">255.0.0.0</strong></span> and <span><strong class="command">1.2.3.0/28</strong></span> is
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence network <span><strong class="command">1.2.3.0</strong></span> with netmask <span><strong class="command">255.255.255.240</strong></span>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence When specifying a prefix involving a IPv6 scoped address
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence the scope may be omitted. In that case the prefix will
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence match packets from any scope.
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence A <code class="varname">domain_name</code> representing
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence the name of a shared key, to be used for transaction
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence A list of one or more
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence separated by semicolons and ending with a semicolon.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence A non-negative 32-bit integer
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence (i.e., a number between 0 and 4294967295, inclusive).
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence Its acceptable value might further
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence be limited by the context in which it is used.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence A quoted string which will be used as
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence a pathname, such as <code class="filename">zones/master/my.test.domain</code>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence A number, the word <strong class="userinput"><code>unlimited</code></strong>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence or the word <strong class="userinput"><code>default</code></strong>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence An <code class="varname">unlimited</code> <code class="varname">size_spec</code> requests unlimited
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence use, or the maximum available amount. A <code class="varname">default size_spec</code> uses
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence the limit that was in force when the server was started.
87cafc5e70f79f2586d067fbdd64f61bbab069d2David Lawrence A <code class="varname">number</code> can optionally be
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence followed by a scaling factor:
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence for kilobytes,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence for megabytes, and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong> for gigabytes,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence which scale by 1024, 1024*1024, and 1024*1024*1024
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence respectively.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The value must be representable as a 64-bit unsigned integer
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence (0 to 18446744073709551615, inclusive).
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Using <code class="varname">unlimited</code> is the best
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence to safely set a really large number.
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence Either <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>no</code></strong>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The words <strong class="userinput"><code>true</code></strong> and <strong class="userinput"><code>false</code></strong> are
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence also accepted, as are the numbers <strong class="userinput"><code>1</code></strong>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence and <strong class="userinput"><code>0</code></strong>.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence One of <strong class="userinput"><code>yes</code></strong>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <strong class="userinput"><code>no</code></strong>, <strong class="userinput"><code>notify</code></strong>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <strong class="userinput"><code>notify-passive</code></strong>, <strong class="userinput"><code>refresh</code></strong> or
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence <strong class="userinput"><code>passive</code></strong>.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence When used in a zone, <strong class="userinput"><code>notify-passive</code></strong>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <strong class="userinput"><code>refresh</code></strong>, and <strong class="userinput"><code>passive</code></strong>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence are restricted to slave and stub zones.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h3 class="title">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h4 class="title">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="id2573355"></a>Syntax</h4></div></div></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence [<span class="optional"> address_match_list_element; ... </span>]
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence key key_id | acl_name | { address_match_list } )
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence<div class="titlepage"><div><div><h4 class="title">
87cafc5e70f79f2586d067fbdd64f61bbab069d2David Lawrence<a name="id2573383"></a>Definition and Usage</h4></div></div></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Address match lists are primarily used to determine access
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence control for various server operations. They are also used in
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence statements. The elements
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence which constitute an address match list can be any of the
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence a key ID, as defined by the <span><strong class="command">key</strong></span>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<li>the name of an address match list defined with
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence the <span><strong class="command">acl</strong></span> statement
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<li>a nested address match list enclosed in braces</li>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Elements can be negated with a leading exclamation mark (`!'),
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence and the match list names "any", "none", "localhost", and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence are predefined. More information on those names can be found in
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence the description of the acl statement.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The addition of the key clause made the name of this syntactic
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence element something of a misnomer, since security keys can be used
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence to validate access without regard to a host or network address.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence the term "address match list" is still used throughout the
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence documentation.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence When a given IP address or prefix is compared to an address
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence match list, the list is traversed in order until an element
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The interpretation of a match depends on whether the list is being
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence for access control, defining listen-on ports, or in a sortlist,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence and whether the element was negated.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence When used as an access control list, a non-negated match
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence allows access and a negated match denies access. If
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence there is no match, access is denied. The clauses
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <span><strong class="command">allow-notify</strong></span>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <span><strong class="command">allow-query</strong></span>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <span><strong class="command">allow-query-cache</strong></span>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <span><strong class="command">allow-transfer</strong></span>,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <span><strong class="command">allow-update</strong></span>,
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence <span><strong class="command">allow-update-forwarding</strong></span>, and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <span><strong class="command">blackhole</strong></span> all use address match
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence lists. Similarly, the listen-on option will cause the
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence server to not accept queries on any of the machine's
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence addresses which do not match the list.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Because of the first-match aspect of the algorithm, an element
b161f87be81548d1b6d0210a7e138a08fbb2d3e5David Lawrence that defines a subset of another element in the list should come
fc6f5743aa860861fe39ca2680d9aa08e39d3039Andreas Gustafsson before the broader element, regardless of whether either is
0c7b7a19e5a3c23fbb789238dcc4d43cd55387a0Brian Wellington <span><strong class="command">1.2.3/24; ! 1.2.3.13;</strong></span> the 1.2.3.13
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence completely useless because the algorithm will match any lookup for
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Using <span><strong class="command">! 1.2.3.13; 1.2.3/24</strong></span> fixes
c56c28c3f28526766895da7e0366799d7610b09cDavid Lawrence that problem by having 1.2.3.13 blocked by the negation but all
fc6f5743aa860861fe39ca2680d9aa08e39d3039Andreas Gustafsson other 1.2.3.* hosts fall through.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h3 class="title">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="id2573490"></a>Comment Syntax</h3></div></div></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence comments to appear
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence anywhere that white space may appear in a <acronym class="acronym">BIND</acronym> configuration
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence file. To appeal to programmers of all kinds, they can be written
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h4 class="title">
0c7b7a19e5a3c23fbb789238dcc4d43cd55387a0Brian Wellington<a name="id2573505"></a>Syntax</h4></div></div></div>
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence<pre class="programlisting">// This is a <acronym class="acronym">BIND</acronym> comment as in C++</pre>
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence<pre class="programlisting"># This is a <acronym class="acronym">BIND</acronym> comment as in common UNIX shells and perl</pre>
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence<div class="titlepage"><div><div><h4 class="title">
b161f87be81548d1b6d0210a7e138a08fbb2d3e5David Lawrence<a name="id2573534"></a>Definition and Usage</h4></div></div></div>
b161f87be81548d1b6d0210a7e138a08fbb2d3e5David Lawrence Comments may appear anywhere that white space may appear in
b161f87be81548d1b6d0210a7e138a08fbb2d3e5David Lawrence a <acronym class="acronym">BIND</acronym> configuration file.
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence C-style comments start with the two characters /* (slash,
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence star) and end with */ (star, slash). Because they are completely
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence delimited with these characters, they can be used to comment only
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence a portion of a line or to span multiple lines.
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence C-style comments cannot be nested. For example, the following
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence is not valid because the entire comment ends with the first */:
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence<pre class="programlisting">/* This is the start of a comment.
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence This is still part of the comment.
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence/* This is an incorrect attempt at nesting a comment. */
00a1623a59b1540c28781e8ccd8341c8114dbc75David Lawrence This is no longer in any comment. */
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence C++-style comments start with the two characters // (slash,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence slash) and continue to the end of the physical line. They cannot
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence be continued across multiple physical lines; to have one logical
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence comment span multiple lines, each line must use the // pair.
b161f87be81548d1b6d0210a7e138a08fbb2d3e5David Lawrence<pre class="programlisting">// This is the start of a comment. The next line
fc6f5743aa860861fe39ca2680d9aa08e39d3039Andreas Gustafsson// is a new comment, even though it is logically
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence// part of the previous comment.
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence Shell-style (or perl-style, if you prefer) comments start
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence with the character <code class="literal">#</code> (number sign)
b161f87be81548d1b6d0210a7e138a08fbb2d3e5David Lawrence and continue to the end of the
fc6f5743aa860861fe39ca2680d9aa08e39d3039Andreas Gustafsson physical line, as in C++ comments.
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence<pre class="programlisting"># This is the start of a comment. The next line
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence# is a new comment, even though it is logically
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence# part of the previous comment.
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence You cannot use the semicolon (`;') character
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence to start a comment such as you would in a zone file. The
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence semicolon indicates the end of a configuration
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence<div class="titlepage"><div><div><h2 class="title" style="clear: both">
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence<a name="Configuration_File_Grammar"></a>Configuration File Grammar</h2></div></div></div>
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence A <acronym class="acronym">BIND</acronym> 9 configuration consists of
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence statements and comments.
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence Statements end with a semicolon. Statements and comments are the
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence only elements that can appear without enclosing braces. Many
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence statements contain a block of sub-statements, which are also
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence terminated with a semicolon.
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence The following statements are supported:
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence <p><span><strong class="command">acl</strong></span></p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence defines a named IP address
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence matching list, for access control and other uses.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <p><span><strong class="command">controls</strong></span></p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence declares control channels to be used
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence by the <span><strong class="command">rndc</strong></span> utility.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <p><span><strong class="command">include</strong></span></p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence includes a file.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <p><span><strong class="command">key</strong></span></p>
30576c592b538cab293cf6e1f6265d376cd5a12cAndreas Gustafsson specifies key information for use in
30576c592b538cab293cf6e1f6265d376cd5a12cAndreas Gustafsson authentication and authorization using TSIG.
30576c592b538cab293cf6e1f6265d376cd5a12cAndreas Gustafsson <p><span><strong class="command">logging</strong></span></p>
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence specifies what the server logs, and where
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence the log messages are sent.
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence <p><span><strong class="command">lwres</strong></span></p>
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence configures <span><strong class="command">named</strong></span> to
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence also act as a light-weight resolver daemon (<span><strong class="command">lwresd</strong></span>).
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence <p><span><strong class="command">masters</strong></span></p>
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence defines a named masters list for
1b038dbf0659fce246485562601ee851a9841ba1David Lawrence inclusion in stub and slave zone masters clauses.
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence <p><span><strong class="command">options</strong></span></p>
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence controls global server configuration
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence options and sets defaults for other statements.
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence <p><span><strong class="command">server</strong></span></p>
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence sets certain configuration options on
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence a per-server basis.
87cafc5e70f79f2586d067fbdd64f61bbab069d2David Lawrence <p><span><strong class="command">trusted-keys</strong></span></p>
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence defines trusted DNSSEC keys.
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence <p><span><strong class="command">view</strong></span></p>
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence defines a view.
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence <p><span><strong class="command">zone</strong></span></p>
2918b5bda6a55c301eb87992b5f2acd7176d0737David Lawrence defines a zone.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The <span><strong class="command">logging</strong></span> and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <span><strong class="command">options</strong></span> statements may only occur once
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence configuration.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h3 class="title">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="id2574102"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence address_match_list
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h3 class="title">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="acl"></a><span><strong class="command">acl</strong></span> Statement Definition and
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The <span><strong class="command">acl</strong></span> statement assigns a symbolic
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence name to an address match list. It gets its name from a primary
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence use of address match lists: Access Control Lists (ACLs).
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Note that an address match list's name must be defined
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence with <span><strong class="command">acl</strong></span> before it can be used
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence elsewhere; no
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence forward references are allowed.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence The following ACLs are built-in:
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <p><span><strong class="command">any</strong></span></p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Matches all hosts.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence <p><span><strong class="command">none</strong></span></p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence Matches no hosts.
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence <p><span><strong class="command">localhost</strong></span></p>
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence Matches the IPv4 and IPv6 addresses of all network
1be10d46cbdf77d1a59a2e7512b72daceea47058David Lawrence interfaces on the system.
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence <p><span><strong class="command">localnets</strong></span></p>
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence Matches any host on an IPv4 or IPv6 network
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence for which the system has an interface.
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence Some systems do not provide a way to determine the prefix
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence local IPv6 addresses.
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence In such a case, <span><strong class="command">localnets</strong></span>
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence only matches the local
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence IPv6 addresses, just like <span><strong class="command">localhost</strong></span>.
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence<div class="titlepage"><div><div><h3 class="title">
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence<a name="id2574292"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
ff30a206ecc63b6681716322ed7f017e3f51ea7fDavid Lawrence<pre class="programlisting"><span><strong class="command">controls</strong></span> {
1a487fb7d230403bf1b5d6628542134f52c80653Michael Graff [ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
1a487fb7d230403bf1b5d6628542134f52c80653Michael Graff keys { <em class="replaceable"><code>key_list</code></em> }; ]
1a487fb7d230403bf1b5d6628542134f52c80653Michael Graff [ inet ...; ]
1a487fb7d230403bf1b5d6628542134f52c80653Michael Graff [ unix <em class="replaceable"><code>path</code></em> perm <em class="replaceable"><code>number</code></em> owner <em class="replaceable"><code>number</code></em> group <em class="replaceable"><code>number</code></em> keys { <em class="replaceable"><code>key_list</code></em> }; ]
1a487fb7d230403bf1b5d6628542134f52c80653Michael Graff [ unix ...; ]
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="titlepage"><div><div><h3 class="title">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="controls_statement_definition_and_usage"></a><span><strong class="command">controls</strong></span> Statement Definition and
address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
"<code class="literal">*</code>" cannot be used for <span><strong class="command">ip_port</strong></span>.
<span><strong class="command">owner</strong></span> and <span><strong class="command">group</strong></span> clauses.
Each <span><strong class="command">key_id</strong></span> in the <span><strong class="command">key_list</strong></span>
See <a href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called “Administrative Tools”</a>)
<a name="id2574789"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574804"></a><span><strong class="command">include</strong></span> Statement Definition and
<a name="id2574827"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574849"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
(see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
(see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
number of required bits preceeded by a dash, e.g.
<a name="id2574939"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
[ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
[ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size spec</code></em> ]
| <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
[ <span><strong class="command">severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
<code class="option">info</code> | <code class="option">debug</code> [ <em class="replaceable"><code>level</code></em> ] | <code class="option">dynamic</code> ); ]
[ <span><strong class="command">print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
[ <span><strong class="command">print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
[ <span><strong class="command">print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
[ <span><strong class="command">category</strong></span> <em class="replaceable"><code>category_name</code></em> {
<em class="replaceable"><code>channel_name</code></em> ; [ <em class="replaceable"><code>channel_name</code></em> ; ... ]
<a name="id2575065"></a><span><strong class="command">logging</strong></span> Statement Definition and
variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
as many channels and categories as are wanted. If there is no <span><strong class="command">logging</strong></span> statement,
<a name="id2575117"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
growth. If the file ever exceeds the size, then <span><strong class="command">named</strong></span> will
stop writing to the file unless it has a <span><strong class="command">versions</strong></span> option
file "example.log" versions 3 size 20m;
page. Known facilities are <span><strong class="command">kern</strong></span>, <span><strong class="command">user</strong></span>,
<span><strong class="command">mail</strong></span>, <span><strong class="command">daemon</strong></span>, <span><strong class="command">auth</strong></span>,
<span><strong class="command">syslog</strong></span>, <span><strong class="command">lpr</strong></span>, <span><strong class="command">news</strong></span>,
<span><strong class="command">uucp</strong></span>, <span><strong class="command">cron</strong></span>, <span><strong class="command">authpriv</strong></span>,
<span><strong class="command">ftp</strong></span>, <span><strong class="command">local0</strong></span>, <span><strong class="command">local1</strong></span>,
<span><strong class="command">local2</strong></span>, <span><strong class="command">local3</strong></span>, <span><strong class="command">local4</strong></span>,
<span><strong class="command">local5</strong></span>, <span><strong class="command">local6</strong></span> and
page. If you have a system which uses a very old version of <span><strong class="command">syslog</strong></span> that
The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
If you are using <span><strong class="command">syslog</strong></span>, then the <span><strong class="command">syslog.conf</strong></span> priorities
defining a channel facility and severity as <span><strong class="command">daemon</strong></span> and <span><strong class="command">debug</strong></span> but
only logging <span><strong class="command">daemon.warning</strong></span> via <span><strong class="command">syslog.conf</strong></span> will
be dropped. If the situation were reversed, with <span><strong class="command">named</strong></span> writing
category of the message will be logged as well. Finally, if <span><strong class="command">print-severity</strong></span> is
on, then the severity level of the message will be logged. The <span><strong class="command">print-</strong></span> options may
used is described in <a href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called “The <span><strong class="command">category</strong></span> Phrase”</a>.
// of "named.run"
new UID, and any debug output generated while <span><strong class="command">named</strong></span> is
<a name="the_category_phrase"></a>The <span><strong class="command">category</strong></span> Phrase</h4></div></div></div>
To discard all messages in a category, specify the <span><strong class="command">null</strong></span> channel:
A one line summary is also logged to the <span><strong class="command">client</strong></span> category.
<a name="id2576484"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
[<span class="optional"> listen-on { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> search { <em class="replaceable"><code>domain_name</code></em> ; [<span class="optional"> <em class="replaceable"><code>domain_name</code></em> ; ... </span>] }; </span>]
<a name="id2576557"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>.) There may be be multiple
<a name="id2576621"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
<a name="id2576665"></a><span><strong class="command">masters</strong></span> Statement Definition and
<a name="id2576680"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
[<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
[<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> tkey-gssapi-credential <em class="replaceable"><code>principal</code></em>; </span>]
[<span class="optional"> tkey-dhkey <em class="replaceable"><code>key_name</code></em> <em class="replaceable"><code>key_tag</code></em>; </span>]
[<span class="optional"> memstatistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> statistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> auth-nxdomain <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> deallocate-on-exit <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> flush-zones-on-shutdown <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> has-old-clients <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> host-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> host-statistics-max <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> minimal-responses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
[<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-enable <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-validation <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-lookaside <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em>; </span>]
[<span class="optional"> dnssec-must-be-secure <em class="replaceable"><code>domain yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-accept-expired <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> forward ( <em class="replaceable"><code>only</code></em> | <em class="replaceable"><code>first</code></em> ); </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] {
( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ) ;
[<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-mx ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> check-mx-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-srv-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-sibling <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-cache { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-recursion { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> query-source ( ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> )
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
[<span class="optional"> address ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
[<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
[<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yse_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> tcp-listen-queue <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em>; </span>]
[<span class="optional"> transfers-per-ns <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> heartbeat-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> interface-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> statistics-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> topology { <em class="replaceable"><code>address_match_list</code></em> }</span>];
[<span class="optional"> sortlist { <em class="replaceable"><code>address_match_list</code></em> }</span>];
[<span class="optional"> rrset-order { <em class="replaceable"><code>order_spec</code></em> ; [<span class="optional"> <em class="replaceable"><code>order_spec</code></em> ; ... </span>] </span>] };
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> treat-cr-as-space <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> additional-from-auth <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> additional-from-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> random-device <em class="replaceable"><code>path_name</code></em> ; </span>]
[<span class="optional"> max-cache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
[<span class="optional"> match-mapped-addresses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> preferred-glue ( <em class="replaceable"><code>A</code></em> | <em class="replaceable"><code>AAAA</code></em> | <em class="replaceable"><code>NONE</code></em> ); </span>]
[<span class="optional"> root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>namelist</code></em> } </span>] ; </span>]
[<span class="optional"> disable-algorithms <em class="replaceable"><code>domain</code></em> { <em class="replaceable"><code>algorithm</code></em>; [<span class="optional"> <em class="replaceable"><code>algorithm</code></em>; </span>] }; </span>]
[<span class="optional"> acache-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> acache-cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-acache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
[<span class="optional"> clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> empty-zones-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> disable-empty-zone <em class="replaceable"><code>zone_name</code></em> ; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> zero-no-soa-ttl-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
<a name="options"></a><span><strong class="command">options</strong></span> Statement Definition and
<dt><span class="term"><span><strong class="command">tkey-gssapi-credential</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
<dt><span class="term"><span><strong class="command">root-delegation-only</strong></span></span></dt>
Note some TLDs are not delegation only (e.g. "DE", "LV", "US"
<dt><span class="term"><span><strong class="command">dnssec-must-be-secure</strong></span></span></dt>
If <strong class="userinput"><code>yes</code></strong>, then the <span><strong class="command">AA</strong></span> bit
for memory leaks on exit. <acronym class="acronym">BIND</acronym> 9 ignores the option and always performs
happens in a short interval, once every <span><strong class="command">heartbeat-interval</strong></span> and
<span><strong class="command">notify</strong></span> and <span><strong class="command">also-notify</strong></span>.
<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
<span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
in <acronym class="acronym">BIND</acronym> 8, and is ignored by <acronym class="acronym">BIND</acronym> 9.
<span><strong class="command">has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
the two separate options <span><strong class="command">auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
and <span><strong class="command">rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
kept for Incremental Zone Transfer. <acronym class="acronym">BIND</acronym> 9 maintains a transaction
transfers, use <span><strong class="command">provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
and additional data sections when they are required (e.g.
changes, see <a href="Bv9ARM.ch04.html#notify" title="Notify">the section called “Notify”</a>. The messages are
in which case it overrides the <span><strong class="command">options notify</strong></span> statement.
also <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called “Incremental Zone Transfers (IXFR)”</a>.
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
the server treat carriage return ("<span><strong class="command">\r</strong></span>") characters the same way
on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span><strong class="command">\n</strong></span>"
<span class="term"><span><strong class="command">additional-from-auth</strong></span>, </span><span class="term"><span><strong class="command">additional-from-cache</strong></span></span>
For example, if a query asks for an MX record for host <code class="literal">foo.example.com</code>,
if known, even though they are not in the example.com zone.
<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
When <strong class="userinput"><code>yes</code></strong> and the server loads a new version of a master
addresses refer to different machines. If <strong class="userinput"><code>yes</code></strong>, named will
<dt><span class="term"><span><strong class="command">dnssec-accept-expired</strong></span></span></dt>
is determined by the presence of the logging category <span><strong class="command">queries</strong></span>.
<span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>.
<dt><span class="term"><span><strong class="command">zero-no-soa-ttl-cache</strong></span></span></dt>
stacked, then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
of the requesting system. See <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a> for
<a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for details.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
access control to attacks; see <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a>
receive zone transfers from the server. <span><strong class="command">allow-transfer</strong></span> may
case it overrides the <span><strong class="command">options allow-transfer</strong></span> statement.
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> (asterisk) or is omitted,
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
<dt><span class="term"><span><strong class="command">queryport-pool-ports</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">queryport-pool-updateinterval</strong></span></span></dt>
quickly converge on stealth servers. If an <span><strong class="command">also-notify</strong></span> list
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
the load on the remote name server. <span><strong class="command">transfers-per-ns</strong></span> may
be overridden on a per-server basis by using the <span><strong class="command">transfers</strong></span> phrase
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
of <span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.
(see <a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file
<dt><span class="term"><span><strong class="command">host-statistics-max</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">statistics-interval</strong></span></span></dt>
topologically closest to itself. The <span><strong class="command">topology</strong></span> statement
<a name="the_sortlist_statement"></a>The <span><strong class="command">sortlist</strong></span> Statement</h4></div></div></div>
statement in <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>).
does (<a href="Bv9ARM.ch06.html#topology" title="Topology">the section called “Topology”</a>).
an IP prefix, an ACL name or a nested <span><strong class="command">address_match_list</strong></span>)
to the behavior of the address sort in <acronym class="acronym">BIND</acronym> 4.9.x. Responses sent
<a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a>.
If no name is specified, the default is "<span><strong class="command">*</strong></span>" (asterisk).
class IN type A name "host.example.com" order random;
<span><strong class="command">max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
of dynamic updates (<a href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called “Dynamic Update”</a>)
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
<a href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called “Additional File Formats”</a>).
<span class="term"><span><strong class="command">clients-per-query</strong></span>, </span><span class="term"><span><strong class="command">max-clients-per-query</strong></span></span>
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called “<span><strong class="command">view</strong></span> Statement Grammar”</a>) of
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
<dt><span class="term"><span><strong class="command">acache-cleaning-interval</strong></span></span></dt>
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em> ; ]</span>]
[<span class="optional"> keys <em class="replaceable"><code>{ string ; [<span class="optional"> string ; [<span class="optional">...</span>]</span>] }</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> query-source [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yse_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-interval <em class="replaceable"><code>number</code></em>; </span>]
<a name="server_statement_definition_and_usage"></a><span><strong class="command">server</strong></span> Statement Definition and
value of <span><strong class="command">bogus</strong></span> is <span><strong class="command">no</strong></span>.
The server supports two zone transfer methods. The first, <span><strong class="command">one-answer</strong></span>,
uses one DNS message per resource record transferred. <span><strong class="command">many-answers</strong></span> packs
as many resource records as possible into a message. <span><strong class="command">many-answers</strong></span> is
more efficient, but is only known to be understood by <acronym class="acronym">BIND</acronym> 9, <acronym class="acronym">BIND</acronym>
<span><strong class="command">key_id</strong></span> defined by the <span><strong class="command">key</strong></span> statement,
to be used for transaction security (TSIG, <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
<a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<a name="id2585339"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2585388"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
DNSSEC security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called “DNSSEC”</a>. A security root is defined when the
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2585468"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
// Provide a complete view of the example.com zone
zone "example.com" {
file "example-internal.db";
// Provide a restricted view of the example.com zone
zone "example.com" {
file "example-external.db";
<pre class="programlisting">zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-policy { <em class="replaceable"><code>update_policy_rule</code></em> [<span class="optional">...</span>] }; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; // Not Implemented. </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
<a name="id2586845"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
status of infrastructure zones (e.g. COM, NET, ORG).
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.
<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
network. The default varies according to zone type. For <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>. For <span><strong class="command">slave</strong></span>
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-wildcard</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-integrity</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-sibling</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">zero-no-soa-ttl</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">update-check-ksk</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">try-tcp-refresh</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">dialup</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
after trying the forwarders and getting no answer, while <span><strong class="command">first</strong></span> would
This is applicable to <span><strong class="command">master</strong></span> and <span><strong class="command">slave</strong></span> zones.
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<span><strong class="command">max-transfer-time-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<span><strong class="command">max-transfer-time-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
zones when they are loaded from disk. <acronym class="acronym">BIND</acronym> 9 does not verify signatures
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
<span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
See the description in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> <em class="replaceable"><code>name</code></em> [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
that a particular nearby server be tried first. See <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a> and <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>.
built-in server information zones, e.g.,
any order), and if neither of those succeed, delivery to <code class="literal">mail.backup.org</code> will
and PTR records. Entries in the in-addr.arpa domain are made in
in-addr.arpa name of
3.2.1.10.in-addr.arpa. This name should have a PTR resource record
Master File Directives include <span><strong class="command">$ORIGIN</strong></span>, <span><strong class="command">$INCLUDE</strong></span>,
<a name="id2591918"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
$ORIGIN example.com.
<a name="id2591979"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
if it were included into the file at this point. If <span><strong class="command">origin</strong></span> is
revert to the values they had prior to the <span><strong class="command">$INCLUDE</strong></span> once
<a name="id2592117"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2592153"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
Classless IN-ADDR.ARPA delegation.
The <span><strong class="command">$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
<td width="40%" align="left" valign="top">Chapter�5.�The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver�</td>