BIND 8 configuration files should work with few alterations in BIND 9, although more complex configurations should be reviewed to check whether they can be more efficiently implemented using the new features found in BIND 9.

Following is a list of elements used throughout the BIND configuration file documentation.

A quoted string which will be used as a DNS name, for example "my.

An IPv6 address. It is strongly recommended to use string zone names rather than numeric identifiers, in order to be robust against system configuration changes. However, since there is no standard mapping for such names and identifier values, currently only interface names as link identifiers are supported, assuming a one-to-one mapping between interfaces and links. For example, a link-local address fe Note that on most systems link-local addresses always have the ambiguity, and need to be disambiguated.

An IP port number. The number is limited to the valid port range starting at 0, with values below a fixed threshold typically restricted to use by processes running as root.

When specifying a prefix involving an IPv6 scoped address the scope may be omitted. In that case the prefix will match packets from any scope.

A non-negative fixed-width integer. Its acceptable value might be further limited by the context in which it is used.

A non-negative real number that can be specified to the nearest one hundredth. Up to five digits can be specified before a decimal point, and up to two digits after, so the maximum value is 99999.99. Acceptable values might be further limited by the context in which it is used.

A port list may contain single ports or port ranges; a range element represents all ports from its lower bound through its upper bound, inclusive.

An unsigned integer of fixed width, or the keywords unlimited or default. In most cases, setting a value to 0 does not literally mean zero; it means "undefined" or "as big as possible", depending on the context. Numeric values can optionally be followed by a scaling factor.

Either yes or no. The words true and false are also accepted, as are the numbers 1 and 0.

One of yes, no, notify, notify-passive, refresh or passive. When used in a zone, notify-passive, refresh and passive are restricted to slave and stub zones.
Address match lists are primarily used to determine access control for various server operations. They are also used in the listen-on and sortlist statements. The elements which constitute an address match list can be any of the following.

More information on those names can be found in the description of the acl statement. The addition of the key clause made the name of this syntactic element something of a misnomer, since security keys can be used to validate access without regard to a host or network address. Nonetheless, the term "address match list" is still used throughout the documentation.

When a given IP address or prefix is compared to an address match list, the comparison takes place in approximately constant time. However, key comparisons require that the list of keys be traversed until a matching key is found, and therefore may be somewhat slower.

The interpretation of a match depends on whether the list is being used for access control, for defining listen-on ports, or in a sortlist, and on whether the element was negated. When used as an access control list, a non-negated match allows access and a negated match denies access. If there is no match, access is denied. The clauses allow-notify, allow-recursion, allow-recursion-on, allow-query, allow-query-on, allow-query-cache, allow-query-cache-on, allow-transfer, allow-update, allow-update-forwarding and blackhole all use address match lists. Similarly, the listen-on option will cause the server to refuse queries on any of the machine's addresses which do not match the list.

Order of insertion is significant. If more than one element in an ACL is found to match a given IP address or prefix, preference will be given to the one that came first in the ACL definition. Because of this first-match behavior, an element that defines a subset of another element in the list should come before the broader element, regardless of whether either is negated. For example, in 1.

Comments may appear anywhere that whitespace may appear in a BIND configuration file. Because they are completely delimited with these characters, they can be used to comment only a portion of a line or to span multiple lines. C-style comments cannot be nested. The semicolon indicates the end of a configuration statement.
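To make the first-match, default-deny and ordering rules above concrete, the following is an added Python model of address match list evaluation; it is not code from BIND or from this manual. The parser accepts a named.conf-like subset only (addresses, prefixes, a leading "!" for negation, "key NAME", the built-in names any and none, and references to ACLs supplied in a dictionary; the built-in localhost and localnets elements are not modelled). All addresses and ACL names used are constructed for the example, and the nested-ACL rule applied here (a negated match inside a nested list counts as no match for the element that references it) is an assumption of this model.

```python
"""Model of BIND 9 address-match-list semantics: first match wins, no match denies.

Added example, not BIND code. Only a named.conf-like subset is parsed, and the
sample addresses below are constructed (RFC 5737 documentation ranges).
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# One element: (negated, kind, value) where kind is "net", "key" or "acl".
Element = Tuple[bool, str, object]


def parse_element(token: str) -> Element:
    """Parse one element such as "192.0.2.0/24", "!192.0.2.13", "key admin" or "trusted"."""
    token = token.strip()
    negated = token.startswith("!")
    if negated:
        token = token[1:].strip()
    if token.startswith("key "):
        return (negated, "key", token[4:].strip())
    try:
        # strict=False accepts both host addresses and prefixes with host bits set
        return (negated, "net", ipaddress.ip_network(token, strict=False))
    except ValueError:
        return (negated, "acl", token)  # anything else is taken as an ACL name


def parse_list(text: str) -> List[Element]:
    """Split "a; b; c;" into elements (nested braces are not handled in this model)."""
    return [parse_element(t) for t in text.split(";") if t.strip()]


def matches(acls: Dict[str, List[Element]], elements: List[Element],
            addr: str, key: Optional[str] = None) -> bool:
    """Return True if the request (source address, optional TSIG key name) is allowed.

    The first element that matches decides: a plain match allows, a negated match
    denies. If nothing matches, access is denied.
    """
    ip = ipaddress.ip_address(addr)
    for negated, kind, value in elements:
        if kind == "net":
            hit = ip in value            # False automatically when IP versions differ
        elif kind == "key":
            hit = key is not None and key == value
        elif value == "any":
            hit = True
        elif value == "none":
            hit = False
        else:
            # Nested ACL (assumption of this model): it counts as a match only when the
            # nested list yields a positive match; a negated inner match is "no match".
            hit = matches(acls, acls[value], addr, key)
        if hit:
            return not negated
    return False                         # default deny


def ordering_demo() -> Dict[str, bool]:
    """Show why a subset element must precede the broader element (constructed data)."""
    useless = parse_list("192.0.2.0/24; !192.0.2.13;")   # negation can never be reached
    correct = parse_list("!192.0.2.13; 192.0.2.0/24;")   # subset first, then the /24
    return {
        "broad_first_allows_excluded_host": matches({}, useless, "192.0.2.13"),
        "subset_first_denies_excluded_host": matches({}, correct, "192.0.2.13"),
        "subset_first_still_allows_rest": matches({}, correct, "192.0.2.7"),
    }


if __name__ == "__main__":
    for name, allowed in ordering_demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The ordering_demo result is the point of the text: with the /24 listed first, the negated host entry is dead configuration and the host you meant to exclude is allowed, which is an easy mistake to miss in review because the ACL still parses cleanly.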
A BIND 9 configuration consists of statements and comments. Statements end with a semicolon. Statements and comments are the only elements that can appear without enclosing braces. Many statements contain a block of sub-statements, which are also terminated with a semicolon. The logging and options statements may only occur once per configuration.

The acl statement assigns a symbolic name to an address match list. It gets its name from a primary use of address match lists: access control lists. The localhost element matches the IPv4 and IPv6 addresses of all network interfaces on the system. When addresses are added or removed, the localhost ACL element is updated to reflect the changes. The localnets element matches any host on an IPv4 or IPv6 network to which the system has an interface. When addresses are added or removed, the localnets ACL element is updated to reflect the changes. Some systems do not provide a way to determine the prefix lengths of local IPv6 addresses. In such a case, localnets only matches the local IPv6 addresses, just like localhost.

The controls statement declares control channels to be used by system administrators to control the operation of the name server.
These control channels are used by the rndc utility to send commands to and retrieve non-DNS results from a name server. If you will only use rndc on the local host, use the loopback address. If no port is specified, the default control channel port is used. The ability to issue commands over the control channel is restricted by the allow and keys clauses.

A unix control channel is a UNIX domain socket listening at the specified path in the file system. Access to the socket is specified by the perm, owner and group clauses. Note that on some platforms (SunOS and Solaris) the permissions (perm) are applied to the parent directory, as the permissions on the socket itself are ignored.

If no controls statement is present, named will set up a default control channel listening on the loopback address. In this case, and also when the controls statement is present but does not have a keys clause, named will attempt to load the command channel key from the rndc key file. You cannot easily change the key name or the size of the secret in that file, so you should make your own rndc configuration file if you wish to change those things. If you desire greater flexibility in allowing other users to access rndc commands, then you also need to create your own rndc configuration file. To disable the command channel, use an empty controls statement.

The include statement inserts the specified file at the point where the include statement is encountered. The include statement facilitates the administration of configuration files by permitting the reading or writing of some things but not others. For example, the statement could include private keys that are readable only by the name server.

The key statement can occur at the top level of the configuration file or inside a view statement. Keys defined in top-level key statements can be used in all views. A key can be used in a server statement to cause requests sent to that server to be signed with this key, or in address match lists to verify that incoming requests have been signed with a key matching this name, algorithm, and secret. Named supports hmac-md5, hmac-sha1 and the larger hmac-sha variants for TSIG authentication. Truncated hashes are supported by appending the minimum number of required bits, preceded by a dash.

The logging statement configures a wide variety of logging options for the name server. Its channel phrase associates output methods, format options and severity levels with a name that can then be used with the category phrase to select how various classes of messages are logged.
Only one logging statement is used to define as many channels and categories as are wanted. If there is no logging statement, the default logging configuration applies. In BIND 9, the logging configuration is only established when the entire configuration file has been parsed. In BIND 8, it was established as soon as the logging statement was parsed. When the server is starting up, all logging messages regarding syntax errors in the configuration file go to the default channels, or to standard error if the "-g" option was specified.

All log output goes to one or more channels; you can make as many of them as you want. Every channel definition must include a destination clause that says whether messages selected for the channel go to a file, to a particular syslog facility, to the standard error stream, or are discarded. The null destination clause causes all messages sent to the channel to be discarded; in that case, other options for the channel are meaningless.

The file destination clause directs the channel to a disk file. It can include limitations both on how large the file is allowed to become, and how many versions of the file will be saved each time the file is opened. If you use the versions log file option, then named will retain that many backup versions of the file by renaming them when opening. For example, if you choose to keep three old versions of the file lamers. You can say versions unlimited to not limit the number of versions. If a size option is associated with the log file, then renaming is only done when the file being opened exceeds the indicated size. No backup versions are kept by default; any existing log file is simply appended to. The size option for files is used to limit log growth.
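The interplay of versions and size described above, as an added Python simulation of what happens to a file channel's backups each time the file is reopened; this is not BIND's code. The backup naming used here (lamers.log.0 for the newest backup up to lamers.log.N-1 for the oldest), the file name lamers.log and the log contents are all constructed assumptions of the simulation.

```python
"""Simulation of the file-channel 'versions' and 'size' rotation rules.

Added example, not BIND code. Assumption: backups are named <file>.0 (newest)
through <file>.N-1 (oldest); the log contents written below are constructed.
"""
import os
import tempfile
from typing import Dict, Optional


def rotate_versions(path: str, versions: Optional[int],
                    size: Optional[int] = None) -> bool:
    """Rename existing log versions as named would just before reopening `path`.

    versions: number of backups to keep (0 = none, None = "versions unlimited").
    size:     if given, rotate only when the current file exceeds this many bytes;
              otherwise the existing file is simply appended to.
    Returns True if a rotation happened.
    """
    if versions == 0 or not os.path.exists(path):
        return False                      # backups disabled or nothing to rotate
    if size is not None and os.path.getsize(path) <= size:
        return False                      # under the size limit: keep appending
    if versions is None:                  # unlimited: shift every existing backup up by one
        top = 0
        while os.path.exists(f"{path}.{top}"):
            top += 1
    else:                                 # bounded: the oldest backup falls off the end
        top = versions - 1
        if os.path.exists(f"{path}.{top}"):
            os.remove(f"{path}.{top}")
    for i in range(top - 1, -1, -1):      # ... .1 -> .2, .0 -> .1
        src = f"{path}.{i}"
        if os.path.exists(src):
            os.rename(src, f"{path}.{i + 1}")
    os.rename(path, f"{path}.0")          # the current file becomes the newest backup
    return True


def demo(versions: Optional[int] = 3, size: Optional[int] = None,
         generations: int = 4) -> Dict[str, str]:
    """Append one constructed line per 'generation', rotating before each reopen.

    Returns {basename: contents} for everything left in a fresh temporary directory.
    """
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "lamers.log")   # constructed file name
    for gen in range(1, generations + 1):
        with open(path, "a") as fh:               # named appends to an existing file
            fh.write(f"generation {gen}\n")
        rotate_versions(path, versions, size)     # what happens at the next open
    result = {}
    for name in sorted(os.listdir(workdir)):
        with open(os.path.join(workdir, name)) as fh:
            result[name] = fh.read().strip()
    return result


if __name__ == "__main__":
    print("versions 3:", demo())
    print("versions 3, size 1000:", demo(size=1000))
    print("default (no versions):", demo(versions=0))
```

With versions 3 the directory ends up holding exactly three backups and the oldest generation is gone; with a size limit the small file is never rotated and just keeps growing, and with the default (no versions) nothing is ever renamed, which is the case to watch on a busy resolver where a single unbounded file fills the disk.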