E.4 BIND 9 Configuration File Statements
E.4.1 acl
- Function:
Creates a named address match list
- Syntax:
acl name {
address_match_list;
};
Covered in Chapter 10 and Chapter 11.
E.4.2 controls
- Function:
Configures a channel used by rndc to control the
name server
- Syntax:
controls {
[ inet ( ip_addr | * ) port ip_port allow address_match_list keys key_list; ]
[ inet ... ; ]
};
Covered in Chapter 7.
E.4.3 include
- Function:
Inserts the specified file at the point that the
include statement is encountered
- Syntax:
include path_name;
Covered in Chapter 7.
E.4.4 key
- Function:
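Defines a key ID that can be used in a server
statement or an address match list to associate a TSIG key with a
particular name server. Because secret_string is the shared secret itself,
the file containing a key statement should be readable only by the user the
name server runs as; a common arrangement is to keep key statements in a
separate, restricted file and pull it in with include.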
- Syntax:
key key_id {
algorithm algorithm_id;
secret secret_string;
};
Covered in Chapter 10 and Chapter 11.
E.4.5 logging
- Function:
Configures the name server's logging behavior
- Syntax:
logging {
[ channel channel_name {
( file path_name
[ versions ( number | unlimited ) ]
[ size size_spec ]
| syslog ( kern | user | mail | daemon | auth | syslog | lpr |
news | uucp | cron | authpriv | ftp |
local0 | local1 | local2 | local3 |
local4 | local5 | local6 | local7 )
| stderr
| null );
[ severity ( critical | error | warning | notice |
info | debug [ level ] | dynamic ); ]
[ print-category yes_or_no; ]
[ print-severity yes_or_no; ]
[ print-time yes_or_no; ]
}; ]
[ category category_name {
channel_name; [ channel_name; ... ]
}; ]
...
};
Covered in Chapter 7.
E.4.6 options
- Function:
Configures global options
- Syntax:
options {
[ additional-from-auth yes_or_no; ]
[ additional-from-cache yes_or_no; ]
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ also-notify { ip_addr [ port ip_port ] ; [ ip_addr [ port ip_port ] ; ... ] }; ]
[ auth-nxdomain yes_or_no; ]
[ blackhole { address_match_list }; ]
[ cleaning-interval number; ]
[ coresize size_spec; ]
[ datasize size_spec; ]
[ dialup yes_or_no; ]
[ directory path_name; ]
[ dump-file path_name; ]
[ files size_spec; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
[ heartbeat-interval number; ]
[ interface-interval number; ]
[ lame-ttl number; ]
[ listen-on [ port ip_port ] { address_match_list }; ]
[ listen-on-v6 [ port ip_port ] { address_match_list }; ]
[ max-cache-ttl number; ]
[ max-ncache-ttl number; ]
[ max-refresh-time number; ]
[ max-retry-time number; ]
[ max-transfer-idle-in number; ]
[ max-transfer-idle-out number; ]
[ max-transfer-time-in number; ]
[ max-transfer-time-out number; ]
[ min-refresh-time number; ]
[ min-retry-time number; ]
[ notify yes_or_no | explicit; ]
[ notify-source ( ip_addr | * ) [ port ip_port ]; ]
[ notify-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
[ pid-file path_name; ]
[ port ip_port; ]
[ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ]; ]
[ query-source-v6 [ address ( ip6_addr | * ) ] [ port ( ip_port | * ) ]; ]
[ recursion yes_or_no; ]
[ recursive-clients number; ]
[ sig-validity-interval number; ]
[ sortlist { address_match_list }; ]
[ stacksize size_spec; ]
[ statistics-file path_name; ]
[ tcp-clients number; ]
[ tkey-dhkey key_name key_tag; ]
[ tkey-domain domain_name; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
[ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
[ transfers-in number; ]
[ transfers-out number; ]
[ transfers-per-ns number; ]
[ version version_string; ]
[ zone-statistics yes_or_no; ]
};
Covered in Chapter 4, Chapter 10, Chapter 11, and Chapter 16.
E.4.7 server
- Function:
Defines the characteristics to be associated with a remote name server
- Syntax:
server ip_addr {
[ bogus yes_or_no; ]
[ keys { key_id [ key_id ... ] }; ]
[ provide-ixfr yes_or_no; ]
[ request-ixfr yes_or_no; ]
[ transfers number; ]
[ transfer-format ( one-answer | many-answers ); ]
};
Covered in Chapter 10 and Chapter 11.
E.4.8 trusted-keys
- Function:
Configures the public keys of security roots for use in DNSSEC
- Syntax:
trusted-keys {
domain-name flags protocol_id algorithm_id public_key_string;
[ domain-name flags protocol_id algorithm_id public_key_string; [ ... ] ]
};
Covered in Chapter 11.
E.4.9 view
- Function:
Creates and configures a view
- Syntax:
view "view_name" [ ( in | hs | hesiod | chaos ) ] {
match-clients { address_match_list };
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ also-notify { ip_addr; [ ip_addr; ... ] }; ]
[ auth-nxdomain yes_or_no; ]
[ cleaning-interval number; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
[ key ... ]
[ lame-ttl number; ]
[ min-refresh-time number; ]
[ min-retry-time number; ]
[ max-cache-ttl number; ]
[ max-ncache-ttl number; ]
[ max-transfer-idle-out number; ]
[ max-transfer-time-out number; ]
[ max-refresh-time number; ]
[ max-retry-time number; ]
[ notify yes_or_no | explicit; ]
[ provide-ixfr yes_or_no; ]
[ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ]; ]
[ query-source-v6 [ address ( ip6_addr | * ) ] [ port ( ip_port | * ) ]; ]
[ recursion yes_or_no; ]
[ request-ixfr yes_or_no; ]
[ server ... ]
[ sig-validity-interval number; ]
[ sortlist { address_match_list }; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
[ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
[ trusted-keys ... ]
[ zone ... ]
};
Covered in Chapter 10 and Chapter 11.
E.4.10 zone
- Function:
Configures the zones maintained by the name server
- Syntax:
zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
type master;
file path_name;
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ also-notify { ip_addr [ port ip_port ]; [ ip_addr [ port ip_port ]; ... ] }; ]
[ database string; [ string; ... ] ]
[ dialup yes_or_no | notify; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
[ max-refresh-time number; ]
[ max-retry-time number; ]
[ max-transfer-idle-out number; ]
[ max-transfer-time-out number; ]
[ min-refresh-time number; ]
[ min-retry-time number; ]
[ notify yes_or_no | explicit; ]
[ sig-validity-interval number; ]
[ update-policy { update_policy_rule; [ ... ] }; ]
};
zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
type slave;
masters [ port ip_port ] { ip_addr [ port ip_port ] [ key key_id ]; [ ip_addr [ port ip_port ] [ key key_id ]; ... ] };
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ also-notify { ip_addr [ port ip_port ]; [ ip_addr [ port ip_port ]; ... ] }; ]
[ dialup yes_or_no | notify | notify-passive | refresh | passive; ]
[ file path_name; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
[ max-refresh-time number ; ]
[ max-retry-time number ; ]
[ max-transfer-idle-in number; ]
[ max-transfer-idle-out number; ]
[ max-transfer-time-in number; ]
[ max-transfer-time-out number; ]
[ min-refresh-time number ; ]
[ min-retry-time number ; ]
[ notify yes_or_no | explicit; ]
[ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
[ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
};
zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
type stub;
masters [ port ip_port ] { ip_addr [ port ip_port ] [ key key_id ]; [ ip_addr [ port ip_port ] [ key key_id ]; ... ] };
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ dialup yes_or_no | passive | refresh; ]
[ file path_name; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
[ max-refresh-time number ; ]
[ max-retry-time number ; ]
[ max-transfer-idle-in number; ]
[ max-transfer-idle-out number; ]
[ max-transfer-time-in number; ]
[ max-transfer-time-out number; ]
[ min-refresh-time number ; ]
[ min-retry-time number ; ]
[ transfer-source ( ip_addr | * ) [ port ip_port ]; ]
[ transfer-source-v6 ( ip6_addr | * ) [ port ip_port ]; ]
};
zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
type forward;
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
};
zone "." [ ( in | hs | hesiod | chaos ) ] {
type hint;
file path_name;
};
Covered in Chapter 4 and Chapter 10.