DNS and BIND 4th Edition-DNS and BIND 4th Edition

I l@ve RuBoard

E.4 BIND 9 Configuration File Statements

E.4.1 acl

Function:: Creates a named address match list

Syntax:

acl name {
   address_match_list;
};

Covered in Chapter 10, and Chapter 11.

E.4.2 controls

Function:: Configures a channel used by rndc to control the name server

Syntax:

controls {
   [ inet ( ip_addr | * ) port ip_port allow address_match_list keys key_list; ]
   [ inet ... ; ]
};

Covered in Chapter 7.

E.4.3 include

Function:: Inserts the specified file at the point that the include statement is encountered

Syntax:

include path_name;

Covered in Chapter 7.

E.4.4 key

Function:: Defines a key ID that can be used in a server statement or an address match list to associate a TSIG key with a particular name server

Syntax:

key key_id {
  algorithm algorithm_id;
  secret secret_string;
};

Covered in Chapter 10, and Chapter 11.

E.4.5 logging

Function:: Configures the name server's logging behavior

Syntax:

logging {
  [ channel channel_name {
    ( file path_name
       [ versions ( number | unlimited ) ]
       [ size size_spec ]
     | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
                news | uucp | cron | authpriv | ftp |
                local0 | local1 | local2 | local3 |
                local4 | local5 | local6 | local7 )
     | stderr
     | null );

    [ severity ( critical | error | warning | notice |
                 info  | debug [ level ] | dynamic ); ]
    [ print-category yes_or_no; ]
    [ print-severity yes_or_no; ]
    [ print-time yes_or_no; ]
  }; ]

  [ category category_name {
    channel_name; [ channel_name; ... ]
  }; ]
  ...
};

Covered in Chapter 7.

E.4.6 options

Function:: Configures global options

Syntax:

options {
  [ additional-from-auth yes_or_no; ]
  [ additional-from-cache yes_or_no; ]
  [ allow-notify { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-recursion { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ also-notify { ip_addr [ port ip_port ] ; [ ip_addr [ port ip_port ] ; ... ] }; ]
  [ auth-nxdomain yes_or_no; ]
  [ blackhole { address_match_list }; ]
  [ cleaning-interval number; ]
  [ coresize size_spec; ]
  [ datasize size_spec; ]
  [ dialup yes_or_no; ]
  [ directory path_name; ]
  [ dump-file path_name; ]
  [ files size_spec; ]
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ heartbeat-interval number; ]
  [ interface-interval number; ]
  [ lame-ttl number; ]
  [ listen-on [ port ip_port ] { address_match_list }; ]
  [ listen-on-v6 [ port ip_port ] { address_match_list }; ]
  [ max-cache-ttl number; ]
  [ max-ncache-ttl number; ]
  [ max-refresh-time number; ]
  [ max-retry-time number; ]
  [ max-transfer-idle-in number; ]
  [ max-transfer-idle-out number; ]
  [ max-transfer-time-in number; ]
  [ max-transfer-time-out number; ]
  [ min-refresh-time number; ]
  [ min-retry-time number; ]
  [ notify yes_or_no | explicit; ]
  [ notify-source ( ip_addr | * ) [ port ip_port ]; ]
  [ notify-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
  [ pid-file path_name; ]
  [ port ip_port; ]
  [ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ]; ]
  [ query-source-v6 [ address ( ip6_addr | * ) ] [ port ( ip_port | * ) ]; ]
  [ recursion yes_or_no; ]
  [ recursive-clients number; ]
  [ sig-validity-interval number; ]
  [ sortlist { address_match_list }; ]
  [ stacksize size_spec; ]
  [ statistics-file path_name; ]
  [ tcp-clients number; ]
  [ tkey-dhkey key_name key_tag; ]
  [ tkey-domain domain_name; ]
  [ transfer-format ( one-answer | many-answers ); ]
  [ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
  [ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
  [ transfers-in  number; ]
  [ transfers-out number; ]
  [ transfers-per-ns number; ]
  [ version version_string; ]
  [ zone-statistics yes_or_no; ]
};

Covered in Chapter 4, Chapter 10, Chapter 11, and Chapter 16.

E.4.7 server

Function:: Defines the characteristics to be associated with a remote name server

Syntax:

server ip_addr {
  [ bogus yes_or_no; ]
  [ keys { key_id [ key_id ... ] }; ]
  [ provide-ixfr yes_or_no; ]
  [ request-ixfr yes_or_no; ]
  [ transfers number; ]
  [ transfer-format ( one-answer | many-answers ); ]
};

Covered in Chapter 10, and Chapter 11.

E.4.8 trusted-keys

Function:: Configures the public keys of security roots for use in DNSSEC

Syntax:

trusted-keys {
  domain-name flags protocol_id algorithm_id public_key_string;
  [ domain-name flags protocol_id algorithm_id public_key_string; [ ... ] ]
};

Covered in Chapter 11.

E.4.9 view

Function:: Creates and configures a view

Syntax:

view "view_name" [ ( in | hs | hesiod | chaos ) ] {
  match-clients { address_match_list };
  [ allow-notify { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-recursion { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ also-notify { ip_addr; [ ip_addr; ... ] }; ]
  [ auth-nxdomain yes_or_no; ]
  [ cleaning-interval number; ]
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
  [ key ... ]
  [ lame-ttl number; ]
  [ min-refresh-time number; ]
  [ min-retry-time number; ]
  [ max-cache-ttl number; ]
  [ max-ncache-ttl number; ]
  [ max-transfer-idle-out number; ]
  [ max-transfer-time-out number; ]
  [ max-refresh-time number; ]
  [ max-retry-time number; ]
  [ notify yes_or_no | explicit; ]
  [ provide-ixfr yes_or_no; ]
  [ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ]; ]
  [ query-source-v6 [ address ( ip6_addr | * ) ] [ port ( ip_port | * ) ]; ]
  [ recursion yes_or_no; ]
  [ request-ixfr yes_or_no; ]
  [ server ... ]
  [ sig-validity-interval number; ]
  [ sortlist { address_match_list }; ]
  [ transfer-format ( one-answer | many-answers ); ]
  [ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
  [ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
  [ trusted-keys ... ]
  [ zone ... ]
};

Covered in Chapter 10, and Chapter 11.

E.4.10 zone

Function:: Configures the zones maintained by the name server

Syntax:

zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
  type master;
  file path_name;
  [ allow-notify { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ allow-update { address_match_list }; ]
  [ allow-update-forwarding { address_match_list }; ]
  [ also-notify { ip_addr [ port ip_port ]; [ ip_addr [ port ip_port ]; ... ]     
  [ database string; [ string; ... ] ]
  [ dialup yes_or_no | notify; ]
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
  [ max-refresh-time number; ]
  [ max-retry-time number; ]
  [ max-transfer-idle-out number; ]
  [ max-transfer-time-out number; ]
  [ min-refresh-time number; ]
  [ min-retry-time number; ]
  [ notify yes_or_no | explicit; ]
  [ sig-validity-interval number; ]
  [ update-policy { update_policy_rule; [ ... ] }; ]
};

zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
  type slave;
  masters [ port ip_port ] { ip_addr [ port ip_port ] [ key key_id ]; [ ip_addr [ port ip_port ] [ key key_id ]; ... ] };
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ allow-update { address_match_list }; ]
  [ allow-update-forwarding { address_match_list }; ]
  [ also-notify { ip_addr [ port ip_port ]; [ ip_addr [ port ip_port ]; ... ] 
};
  [ dialup yes_or_no | notify | notify-passive | refresh | passive; ]
  [ file path_name; ]
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
  [ max-refresh-time number ; ]
  [ max-retry-time number ; ]
  [ max-transfer-idle-in number; ]
  [ max-transfer-idle-out number; ]
  [ max-transfer-time-in number; ]
  [ max-transfer-time-out number; ]
  [ min-refresh-time number ; ]
  [ min-retry-time number ; ]
  [ notify yes_or_no | explicit; ]
  [ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
  [ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
};

zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
  type stub;
  masters [ port ip_port ] { ip_addr [ [port ip_port ] [ key key_id ]; [ ip_addr 
[ port ip_port ] [ key key_id ]; ... ] };
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ allow-update { address_match_list }; ]
  [ allow-update-forwarding { address_match_list }; ]
  [ dialup yes_or_no | passive | refresh; ]
  [ file path_name; ]
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ max-refresh-time number ; ]
  [ max-retry-time number ; ]
  [ max-transfer-idle-in number; ]
  [ max-transfer-idle-out number; ]
  [ max-transfer-time-in number; ]
  [ max-transfer-time-out number; ]
  [ min-refresh-time number ; ]
  [ min-retry-time number ; ]
  [ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
  [ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
};

zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
  type forward;
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
};

zone "." [ ( in | hs | hesiod | chaos ) ] {
  type hint;
  file path_name;
};

Covered in Chapter 4, and Chapter 10.

I l@ve RuBoard