html/config/options.html

	options.html revision 9bff67898d55cddfcec9ce30cc2b1bb6211ec691
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<!--
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - Copyright (C) 1999, 2000  Internet Software Consortium.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington -
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - Permission to use, copy, modify, and distribute this software for any
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - purpose with or without fee is hereby granted, provided that the above
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - copyright notice and this permission notice appear in all copies.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington -
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - SOFTWARE.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington-->
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington<HTML>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<HEAD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  <TITLE>BIND options Statement</TITLE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington</HEAD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<BODY>
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington<H2>BIND Configuration File Guide -- <CODE>options</CODE> Statement</H2>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<HR>
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<A NAME="Syntax"><H3>Syntax</H3></A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonoptions {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ version <VAR>version_string</VAR>; ]
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington  [ directory <VAR>path_name</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ named-xfer <VAR>path_name</VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ dump-file <VAR>path_name</VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ memstatistics-file <VAR>path_name</VAR>; ]
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington  [ pid-file <VAR>path_name</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ statistics-file <VAR>path_name</VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ auth-nxdomain <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ deallocate-on-exit <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington  [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ fake-iquery <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ fetch-glue <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ has-old-clients <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington  [ host-statistics <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ multiple-cnames <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ expert-mode <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ recursion <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ rfc2308-type1 <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ use-id-pool <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ forward ( only | first ); ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ forwarders { [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; ... ] ] }; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ check-names ( master | slave | response ) ( warn | fail | ignore); ]
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington  [ allow-query { <VAR>address_match_list</VAR> }; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ allow-transfer { <VAR>address_match_list</VAR> }; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ blackhole { <VAR>address_match_list</VAR> }; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ listen-on [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR>address_match_list</VAR> }; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ query-source [ address ( <VAR><A HREF="docdef.html">ip_addr</A></VAR> | * ) ] [ port ( <VAR><A HREF="docdef.html">ip_port</A></VAR> | * ) ] ; ]
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington  [ lame-ttl <VAR>number</VAR>; ]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington  [ max-transfer-time-in <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ max-ncache-ttl <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ transfer-format ( one-answer | many-answers ); ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ transfers-in  <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ transfers-out <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ transfers-per-ns <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ maintain-ixfr-base <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ max-ixfr-log-size <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ coresize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ datasize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ files <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ stacksize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ cleaning-interval <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ heartbeat-interval <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ interface-interval <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ statistics-interval <VAR>number</VAR>; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ <A HREF="#topology">topology</A> { <VAR>address_match_list</VAR> }; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ <A HREF="#sortlist">sortlist</A> { <VAR>address_match_list</VAR> }; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ rrset-order { <VAR>order_spec</VAR> ; [ <VAR>order_spec</VAR> ; ... ] ] };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ tkey-domain <VAR>string</VAR> ; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ tkey-dhkey <VAR>string</VAR> ; ]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington};
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<HR>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<A NAME="Usage"><H3>Definition and Usage</H3></A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The options statement sets up global options to be used by
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonBIND. This statement may appear at only once in a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonconfiguration file; if more than one occurrence is found, the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonfirst occurrence determines the actual options used,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonand a warning will be generated.  If there is no options statement,
622df0afb82c1b711b5f3c272db4c4b83d09bc4aBob Halleyan options block with each option set to its default will be used.</P>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
622df0afb82c1b711b5f3c272db4c4b83d09bc4aBob Halley<H4>Pathnames</H4>
622df0afb82c1b711b5f3c272db4c4b83d09bc4aBob Halley
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>version</CODE>
622df0afb82c1b711b5f3c272db4c4b83d09bc4aBob Halley<DD>
622df0afb82c1b711b5f3c272db4c4b83d09bc4aBob HalleyThe version the server should report via the <VAR>ndc</VAR> command
622df0afb82c1b711b5f3c272db4c4b83d09bc4aBob Halleyor via a query of name <CODE>version.bind</CODE> in class <I>chaos</I>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is the real version number of ths server, but some server
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonoperators prefer the string <CODE>"surely you must be joking"</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>directory</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe working directory of the server.  Any non-absolute
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonpathnames in the configuration file will be taken as relative to this
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondirectory.  The default location for most server output files
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington(e.g. "named.run") is this directory.  If a directory is not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonspecified, the working directory defaults to ".", the directory from which the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonserver was started.  The directory specified should be an absolute path.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>named-xfer</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe pathname to the named-xfer program that the server uses for
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellingtoninbound zone transfers.  If not specified, the default is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonsystem dependent (e.g.  "/usr/sbin/named-xfer").
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DT><CODE>dump-file</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe pathname of the file the server dumps the database to when it
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellingtonreceives <CODE>SIGINT</CODE> signal (<CODE>ndc dumpdb</CODE>).  If not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonspecified, the default is "named_dump.db".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington<DT><CODE>memstatistics-file</CODE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonThe pathname of the file the server writes memory usage statistics to on exit,
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonif <CODE>deallocate-on-exit</CODE> is <CODE>yes</CODE>.  If not
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonspecified, the default is "named.memstats".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>pid-file</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe pathname of the file the server writes its process ID in.  If not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonspecified, the default is operating system dependent, but is usually
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington"/var/run/named.pid" or "/etc/named.pid".  The pid-file is used by
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonprograms like "ndc" that want to send signals to the running
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnameserver.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DT><CODE>statistics-file</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe pathname of the file the server appends statistics to when it
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonreceives <CODE>SIGILL</CODE> signal (<CODE>ndc stats</CODE>).  If not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonspecified, the default is "named.stats".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<A name="BooleanOptions"><H4>Boolean Options</H4></A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>auth-nxdomain</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, then the <CODE>AA</CODE> bit is always set on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonNXDOMAIN responses, even if the server is not actually authoritative.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is <CODE>yes</CODE>.  Do not turn off
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>auth-nxdomain</CODE> unless you are sure you know what you are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondoing, as some older software won't like it.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>deallocate-on-exit</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, then when the server exits it will painstakingly
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondeallocate every object it allocated, and then write a memory usage report to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe <CODE>memstatistics-file</CODE>.  The default is <CODE>no</CODE>, because
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonit is faster to let the operating system clean up.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>deallocate-on-exit</CODE> is handy for detecting memory leaks.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>dialup</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, then the server treats all zones as if they are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondoing zone transfers across a dial on demand dialup link, which can
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonbe brought up by traffic originating from this server.  This has
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondifferent effects according to zone type and concentrates the zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonmaintenance so that it all happens in a short interval, once every
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>heartbeat-interval</CODE> and hopefully during the one call.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIt also suppresses some of the normal zone maintainance traffic.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is <CODE>no</CODE>. The <CODE>dialup</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonoption may also be specified in the <CODE>zone</CODE> statement, in which
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtoncase it overrides the <CODE>options dialup</CODE> statement.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf the zone is a <CODE>master</CODE> then the server will send out
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonNOTIFY request to all the slaves.  This will trigger the zone up to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondate checking in the slave (providing it supports NOTIFY) allowing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe <CODE>slave</CODE> to verify the zone while the call us up.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf the zone is a <CODE>slave</CODE> or <CODE>stub</CODE> then the server
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonwill suppress the zone regular zone up to date queries and only perform
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe when the <CODE>heartbeat-interval</CODE> expires.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>fake-iquery</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, the server will simulate the obsolete DNS query type
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIQUERY.  The default is <CODE>no</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>fetch-glue</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonIf <CODE>yes</CODE> (the default), the server will fetch "glue" resource
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonrecords it doesn't have when constructing the additional data section of
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtona response.  <CODE>fetch-glue no</CODE> can be used in conjunction with
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<CODE>recursion no</CODE> to prevent the server's cache from growing or
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonbecoming corrupted (at the cost of requiring more work from the client).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>has-old-clients</CODE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonSetting the option to <CODE>yes</CODE> is equivalent to setting the follow
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonthree options <CODE>auth-nxdomain yes;</CODE>, <CODE>maintain-ixfr-base
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonyes;</CODE> and <CODE>rfc2308-type1 no;</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe use of <CODE>has-old-clients</CODE> with <CODE>auth-nxdomain</CODE>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>maintain-ixfr-base</CODE> and <CODE>rfc2308-type1</CODE> is order
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondependant.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>host-statistics</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, then statistics are kept for every host that the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe nameserver interacts with.  The default is <CODE>no</CODE>.  <I>Note:</I>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonturning on <CODE>host-statistics</CODE> can consume huge amounts of memory.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>maintain-ixfr-base</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, then a transaction log is kept for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIncremental Zone Transfer. The default is <CODE>no</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>multiple-cnames</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, then multiple CNAME resource records will be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonallowed for a domain name.  The default is <CODE>no</CODE>.  Allowing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonmultiple CNAME records is against standards and is not recommended.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonMultiple CNAME support is available because previous versions of BIND
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonallowed multiple CNAME records, and these records have been used for load
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonbalancing by a number of sites.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>expert-mode</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>no</CODE> (the default), then warnings for various minor
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonproblems (such as lame servers) will be issued.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>notify</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE> (the default), DNS NOTIFY messages are sent when a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonzone the server is authoritative for changes.  The use of NOTIFY
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonspeeds convergence between the master and its slaves.  Slave servers
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthat receive a NOTIFY message and understand it will contact the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonmaster server for the zone and see if they need to do a zone transfer, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonif they do, they will initiate it immediately.  The <CODE>notify</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonoption may also be specified in the <CODE>zone</CODE> statement, in which
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtoncase it overrides the <CODE>options notify</CODE> statement.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>recursion</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, and a DNS query requests recursion, then the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonserver will attempt to do all the work required to answer the query.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf recursion is not on, the server will return a referral to the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonclient if it doesn't know the answer.  The default is <CODE>yes</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonSee also <CODE>fetch-glue</CODE> above.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>rfc2308-type1</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, the server will send NS records along with the SOA
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonrecord for negative answers.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonYou need to set this to <CODE>no</CODE> if you have an old BIND
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonserver using you as a forwarder that does not understand negative answers
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonwhich contain both SOA and NS records or you have an old version of sendmail.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe correct fix is to upgrade the broken server or sendmail.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is <CODE>no</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>use-id-pool</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf <CODE>yes</CODE>, the server will keep track of its own outstanding
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonquery ID's to avoid duplication and increase randomness.  This will result
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonin 128KB more memory being consumed the server.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is <CODE>no</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<A NAME="Forwarding"><H4>Forwarding</H4></A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The forwarding facility can be used to create a large site-wide
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtoncache on a few servers, reducing traffic over links to external
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnameservers.  It can also be used to allow queries by servers that do
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnot have direct access to the Internet, but wish to look up exterior
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnames anyway.  Forwarding occurs only on those queries for which the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonserver is not authoritative and does not have the answer in its cache.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>forward</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThis option is only meaningful if the <CODE>forwarders</CODE> list is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnot empty.  A value of <CODE>first</CODE>, the default, causes the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonserver to query the forwarders first, and if that doesn't answer the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonquestion the server will then look for the answer itself.  If
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>only</CODE> is specified, the server will only query the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonforwarders.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>forwarders</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonSpecifies the IP addresses to be used for forwarding.  The default is the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonempty list (no forwarding).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>Forwarding can also be configured on a per-zone basis, allowing for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe global forwarding options to be overridden in a variety of ways.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonYou can set particular zones to use different forwarders, or have
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondifferent <CODE>forward only/first</CODE> behavior, or to not forward
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonat all.  See the <A HREF="zone.html"><CODE>zone</CODE></A> statement
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonfor more information.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>Future versions of BIND 8 will provide a more powerful forwarding
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonsystem.  The syntax described above will continue to be supported.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="NameChecking"><H4>Name Checking</H4></a>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The server can check domain names based upon their expected client contexts.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonFor example, a domain name used as a hostname can be checked for compliance
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonwith the RFCs defining valid hostnames.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>Three checking methods are available:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>ignore</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonNo checking is done.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>warn</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonNames are checked against their expected client contexts.  Invalid names are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonlogged, but processing continues normally.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>fail</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonNames are checked against their expected client contexts.  Invalid names are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonlogged, and the offending data is rejected.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The server can check names three areas: master zone files, slave
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonzone files, and in responses to queries the server has initiated.  If
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>check-names response fail</CODE> has been specified, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonanswering the client's question would require sending an invalid name
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonto the client, the server will send a REFUSED response code to the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonclient.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The defaults are:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    check-names master fail;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    check-names slave warn;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    check-names response ignore;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P><CODE>check-names</CODE> may also be specified in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<A HREF="zone.html"><CODE>zone</CODE></A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonstatement, in which case it overrides the <CODE>options check-names</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonstatement.  When used in a <CODE>zone</CODE> statement, the area is not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonspecified (because it can be deduced from the zone type).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<A name="AccessControl"><H4>Access Control</H4></A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>Access to the server can be restricted based on the IP address of the
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonrequesting system.  See
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<VAR><A HREF="address_list.html">address_match_list</A></VAR> for details
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonon how to specify IP address lists.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DL>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DT><CODE>allow-query</CODE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonSpecifies which hosts are allowed to ask ordinary questions.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<CODE>allow-query</CODE> may also be specified in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>zone</CODE> statement, in which case it overrides the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>options allow-query</CODE> statement.  If not specified, the default is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonto allow queries from all hosts.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>allow-transfer</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonSpecifies which hosts are allowed to receive zone transfers from the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonserver.  <CODE>allow-transfer</CODE> may also be specified in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>zone</CODE> statement, in which case it overrides the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>options allow-transfer</CODE> statement.  If not specified, the default
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonis to allow transfers from all hosts.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>blackhole</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonSpecifies a list of addresses that the server will not accept queries from
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonor use to resolve a query.  Queries from these addresses will not be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonresponded to.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<H4>Interfaces</H4>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The interfaces and ports that the server will answer queries from may
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonbe specified using the <CODE>listen-on</CODE> option.  <CODE>listen-on</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtontakes an optional port, and an
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<VAR><A HREF="address_list.html">address_match_list</A></VAR>.  The server will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonlisten on all interfaces allowed by the address match list.  If a port is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnot specified, port 53 will be used.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>Multiple <CODE>listen-on</CODE> statements are allowed.  For example,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    listen-on { 5.6.7.8; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    listen-on port 1234 { !1.2.3.4; 1.2/16; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonwill enable the nameserver on port 53 for the IP address 5.6.7.8, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonon port 1234 of an address on the machine in net 1.2 that is not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington1.2.3.4.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>If no <CODE>listen-on</CODE> is specified, the server will listen on port
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington53 on all interfaces.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<H4>Query Address</H4>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>If the server doesn't know the answer to a question, it will query
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonother nameservers.  <CODE>query-source</CODE> specifies the address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonand port used for such queries.  If <CODE>address</CODE> is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>*</CODE> or is omitted, a wildcard IP address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington(<CODE>INADDR_ANY</CODE>) will be used.  If <CODE>port</CODE> is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>*</CODE> or is omitted, a random unprivileged port will be used.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    query-source address * port *;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>Note: <CODE>query-source</CODE> currently applies only to UDP queries;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonTCP queries always use a wildcard IP address and a random unprivileged
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonport.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<A name="ZoneTransfers"><H4>Zone Transfers</H4></A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
754768580f991d35f5346a9fdb14e45d46648692Brian Wellington<DT><CODE>max-transfer-time-in</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonInbound zone transfers (<CODE>named-xfer</CODE> processes) running
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonlonger than this many minutes will be terminated.  The default is 120
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonminutes (2 hours).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
754768580f991d35f5346a9fdb14e45d46648692Brian Wellington<DT><CODE>transfer-format</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe server supports two zone transfer methods.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>one-answer</CODE> uses one DNS message per resource record
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtontransferred.  <CODE>many-answers</CODE> packs as many resource records
c60d524c4928c47901672b1c79f6bc86bf856063Andreas Gustafssonas possible into a message.  <CODE>many-answers</CODE> is more
b56607d483d6fa805dae4fb702c8bb08ee384dbfAndreas Gustafssonefficient, but is only known to be understood by BIND 8.1 and patched
c60d524c4928c47901672b1c79f6bc86bf856063Andreas Gustafssonversions of BIND 4.9.5.  The default is <CODE>one-answer</CODE>.
c60d524c4928c47901672b1c79f6bc86bf856063Andreas Gustafsson<CODE>transfer-format</CODE> may be
0072911bd97d599381efe685665f50039f411485Andreas Gustafssonoverridden on a per-server basis by using the <CODE>server</CODE> statement.
c60d524c4928c47901672b1c79f6bc86bf856063Andreas Gustafsson
0072911bd97d599381efe685665f50039f411485Andreas Gustafsson<DT><CODE>transfers-in</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe maximum number of inbound zone transfers that can be running
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonconcurrently.  The default value is 10.  Increasing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>transfers-in</CODE> may speed up the convergence of slave zones,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonbut it also may increase the load on the local system.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>transfers-out</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThis option will be used in the future to limit the number of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonconcurrent outbound zone transfers.  It is checked for syntax, but is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonotherwise ignored.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>transfers-per-ns</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe maximum number of inbound zone transfers (<CODE>named-xfer</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonprocesses) that can be concurrently transferring from a given remote
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnameserver.  The default value is 2.  Increasing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>transfers-per-ns</CODE> may speed up the convergence of slave
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonzones, but it also may increase the load on the remote nameserver.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>transfers-per-ns</CODE> may be overridden on a per-server basis
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonby using the <CODE>transfers</CODE> phrase of the <CODE>server</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonstatement.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<H4>Resource Limits</H4>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The server's usage of many system resources can be limited.  Some
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonoperating systems don't support some of the limits.  On such systems,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtona warning will be issued if the unsupported limit is used.  Some
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonoperating systems don't support limiting resources, and on these systems
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtona <CODE>cannot set resource limits on this system</CODE> message will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonbe logged.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>Scaled values are allowed when specifying resource limits.  For
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonexample, <CODE>1G</CODE> can be used instead of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>1073741824</CODE> to specify a limit of one gigabyte.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>unlimited</CODE> requests unlimited use, or the maximum
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonavailable amount.  <CODE>default</CODE> uses the limit that was in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonforce when the server was started.  See
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<VAR><A HREF="docdef.html">size_spec</A></VAR> for more details.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>coresize</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonThe maximum size of a core dump.  The default is <CODE>default</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>datasize</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe maximum amount of data memory the server may use.  The default is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>default</CODE>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>files</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe maximum number of files the server may have open concurrently.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is <CODE>unlimited</CODE>.  <I>Note:</I> on some operating
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonsystems the server cannot set an unlimited value and cannot determine
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe maximum number of open files the kernel can support.  On such
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonsystems, choosing <CODE>unlimited</CODE> will cause the server to use
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe larger of the <CODE>rlim_max</CODE> for <CODE>RLIMIT_NOFILE</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonand the value returned by <CODE>sysconf(_SC_OPEN_MAX)</CODE>.  If the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonactual kernel limit is larger than this value, use <CODE>limit
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonfiles</CODE> to specify the limit explicitly.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>max-ixfr-log-size</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe <CODE>max-ixfr-log-size</CODE> will be used in a future release of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe server to limit the size of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtontransaction log kept for Incremental Zone Transfer.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>stacksize</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian WellingtonThe maximum amount of stack memory the server may use.  The default is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>default</CODE>.
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington<H4>Periodic Task Intervals</H4>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>cleaning-interval</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe server will remove expired resource records from the cache every
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>cleaning-interval</CODE> minutes.  The default is 60 minutes.  If set
c60d524c4928c47901672b1c79f6bc86bf856063Andreas Gustafssonto 0, no periodic cleaning will occur.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>heartbeat-interval</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe server will perform zone maintenance tasks for all zones marked
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CODE>dialup yes</CODE> whenever this interval expires.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe default is 60 minutes. Reasonable values are up to 1 day (1440 minutes).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf set to 0, no zone maintenance for these zones will occur.
fa342c624a5e7df0d10ef34586f8cfffbcd92c69Brian Wellington<DT><CODE>interface-interval</CODE>
fa342c624a5e7df0d10ef34586f8cfffbcd92c69Brian Wellington<DD>
fa342c624a5e7df0d10ef34586f8cfffbcd92c69Brian WellingtonThe server will scan the network interface list every
fa342c624a5e7df0d10ef34586f8cfffbcd92c69Brian Wellington<CODE>interface-interval</CODE> minutes.  The default is 60 minutes.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf set to 0, interface scanning will only occur when the configuration
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonfile is loaded.  After the scan, listeners will be started on any new
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtoninterfaces (provided they are allowed by the <CODE>listen-on</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonconfiguration).  Listeners on interfaces that have gone away will be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtoncleaned up.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><CODE>statistics-interval</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonNameserver statistics will be logged every <CODE>statistics-interval</CODE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonminutes.  The default is 60.  If set to 0, no statistics will be logged.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<H4><A NAME="topology">Topology</A></H4>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>All other things being equal, when the server chooses a nameserver
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonto query from a list of nameservers, it prefers the one that is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtontopologically closest to itself.  The <CODE>topology</CODE> statement
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtontakes an <VAR><A HREF="address_list.html">address_match_list</A></VAR>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonand interprets it in a special way.  Each top-level list element is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonassigned a distance.  Non-negated elements get a distance based on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtontheir position in the list, where the closer the match is to the start
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonof the list, the shorter the distance is between it and the server.  A
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnegated match will be assigned the maximum distance from the server.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIf there is no match, the address will get a distance which is further
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthan any non-negated list element, and closer than any negated
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonelement.  For example,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington    topology {
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington        10/8;
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington        !1.2.3/24;
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington        { 1.2/16; 3/8; };
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington    };
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington</PRE>
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington<P>will prefer servers on network 10 the most, followed by hosts on
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellingtonnetwork 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellingtonof hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonof all.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The default topology is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    topology { localhost; localnets; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<H4><A NAME="sortlist">Resource Record sorting</A></H4>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonWhen returning multiple RRs,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe nameserver will normally return them in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<B>Round Robin</B>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtoni.e. after each request, the first RR is put to the end of the list.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonAs the order of RRs is not defined, this should not cause any problems.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe client resolver code should re-arrange the RRs as appropriate,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtoni.e. using any addresses on the local net in preference to other addresses.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonHowever, not all resolvers can do this, or are not correctly configured.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonWhen a client is using a local server, the sorting can be performed in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonserver, based on the client's address.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThis only requires configuring the nameservers, not all the clients.
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson</P>
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson<P>
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas GustafssonThe sortlist statement takes an address match list and interprets it even
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafssonmore specially than the <A HREF="#topology">topology</A> statement does.
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson</P>
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson<P>
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas GustafssonEach top level statement in the sortlist must itself be an explicit
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafssonaddress match list with one or two elements.  The first element
6ec499054450c5e0fd69d78961deef46985ba363Brian Wellington(which may be an IP address, an IP prefix, an ACL name or nested
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafssonaddress match list) of each top level list is checked against the
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafssonsource address of the query until a match is found.
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson</P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonOnce the source address of the query has been matched, if the top level
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonstatement contains only one element, the actual primitive element that
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonmatched the source address is used to select the address in the response
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonto move to the beginning of the response.  If the statement is a list
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonof two elements, then the second element is treated like the address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonmatch list in a topology statement.  Each top level element is assigned
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtona distance and the address in the response with the minimum distance is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonmoved to the beginning of the response.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonIn the following example, any queries received from any of the addresses
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonof the host itself will get responses preferring addresses on any of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe locally connected networks.  Next most preferred are addresses on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonthe 192.168.1/24 network, and after that either the 192.168.2/24 or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington192.168.3/24 network with no preference shown between these two networks.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonQueries received from a host on the 192.168.1/24 network will prefer
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonother addresses on that network to the 192.168.2/24 and 192.168.3/24
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnetworks.  Queries received from a host on the 192.168.4/24 or the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington192.168.5/24 network will only prefer other addresses on their
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtondirectly connected networks.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonsortlist {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington           { localhost;         // IF   the local host
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington             { localnets;       // THEN first fit on the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington               192.168.1/24;    //      following nets
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington               { 192,168.2/24; 192.168.3/24; }; }; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington           { 192.168.1/24;      // IF   on class C 192.168.1
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington             { 192.168.1/24;    // THEN use .1, or .2 or .3
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington               { 192.168.2/24; 192.168.3/24; }; }; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington           { 192.168.2/24;      // IF   on class C 192.168.2
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington             { 192.168.2/24;    // THEN use .2, or .1 or .3
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington               { 192.168.1/24; 192.168.3/24; }; }; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington           { 192.168.3/24;      // IF   on class C 192.168.3
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington             { 192.168.3/24;    // THEN use .3, or .1 or .2
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington               { 192.168.1/24; 192.168.2/24; }; }; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington           { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington           };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington};
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonThe following example will give reasonable behaviour for the local host
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonand hosts on directly connected networks.  It is similar to the behavior
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonof the address sort in BIND 4.9.x.  Responses sent to queries from the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonlocal host will favor any of the directly connected networks.  Responses
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonsent to queries from any other hosts on a directly connected network will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonprefer addresses on that same network.  Responses to other queries will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonnot be sorted.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonsortlist {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            { localhost; localnets; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            { localnets; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington};
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<!--
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington * XXX - it would be nice to have an ACL called "source" that matched the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *       source address of a query so that a host could be configured to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *       automatically prefer itself, and an ACL called "sourcenet", that
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *       would return the primitive IP match element that matched the source
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *       address so that you could do:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *          { localnets; { sourcenet; { other stuff ...}; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *       and automatically get similar behaviour to what you get with:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *          { localnets; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington-->
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</P>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="RrsetOrder">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<H4>RRset Ordering</H4>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>When multiple records are returned in an answer it may be useful to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonconfigure the order the records are placed into the response. For example the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonrecords for a zone might be configured to always be returned in the order they
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonare defined in the zone file.  Or perhaps a <i>random</i> shuffle of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonrecords as they are returned is wanted. The <var>rrset-order</var> statement
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonpermits configuration of the ordering made of the records in a multiple record
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonresponse. The default, if no ordering is defined, is a cyclic ordering (round
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellingtonrobin).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>An <var>order_spec</var> is defined as follows:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  [ <var>class</var> class_name ][ <var>type</var> type_name ][ <var>name</var> "FQDN" ] <var>order</var> ordering
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</PRE>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>If no <var>class</var> is specified, the default is <code>ANY</code>. If no
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<var>type</var> is specified, the default is <code>ANY</code>. If no
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<var>name</var> is specified, the default is <code>"*"</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<P>The legal values for <code>ordering</code> are:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DL>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><code>fixed</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>Records are returned in the order they are defined in the zone file.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><code>random</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DD>Records are returned in some random order.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<DT><code>cyclic</code>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>Records are returned in a round-robin order.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington</DL>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<P>For example:
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<PRE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington    rrset-order {
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington	class IN type A name "rc.vix.com" order random;
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington        order cyclic;
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington    };
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington</PRE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<P>will cause any responses for type <VAR>A</VAR> records in class
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<VAR>IN</VAR> that have "rc.vix.com" as a suffix, to always be returned in
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonrandom order. All other records are returned in cyclic order.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<P>If multiple <code>rrset-order</code> statements appear, they are not
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtoncombined--the last one applies.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<P>If no <code>rrset-order</code> statement is specified, then a default one
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonof:
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<pre>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington    rrset-order { class ANY type ANY name "*" order cyclic ; };
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington</pre>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<P>is used.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<H4>Tuning</H4>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DL>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DT><CODE>lame-ttl</CODE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonSets the number of seconds to cache a lame server indication.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington0 disables caching.  Default is 600 (10 minutes).  Maximum value is 1800 (30 minutes).
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DT><CODE>max-ncache-ttl</CODE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonTo reduce network traffic and increase performance the server store negative
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonanswers.  <CODE>max-ncache-ttl</CODE> is used to set a maximum retention time
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonfor these answers in the server is seconds.  The default <CODE>max-ncache-ttl</CODE> is
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington10800 seconds (3 hours).  <CODE>max-ncache-ttl</CODE> cannot exceed the
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonmaximum retention time for ordinary (positive) answers (7 days) and will be
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonsilently truncated to 7 days if set to a value which is greater that 7 days.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington</DL>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<H4>Security</H4>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<P>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DL>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DT><CODE>tkey-domain</CODE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonA quoted string that sets the domain name appended to relative names used in
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonthe TKEY key creation process.  When an agreement is initiated by the client,
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonit may request a relative name, random name, or an absolute name.  If a
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonrelative name is used or a random name is created, the value of tkey-domain
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonwill be appended.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DT><CODE>tkey-dhkey</CODE>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<DD>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonA quoted string that sets the Diffie Hellman key used by the server in a key
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonexchange.  A shared secret will be derived from this key, the client's key,
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonand some random data, and the secret will be saved as a TSIG shared secret for
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellingtonlater use.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington</DL>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<HR>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<HR>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<ADDRESS>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonLast Updated: $Id: options.html,v 1.3 2000/06/21 23:50:39 tale Exp $
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</ADDRESS>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</BODY>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</HTML>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington