
UNIX System Administration Handbook - Evi Nemeth [254]

list is called for.

An acl must be a top-level statement in named.conf, so don’t try sneaking it in amid your other option declarations. named.conf is read in a single pass, so access control lists must be defined before they are used. Four lists are predefined: any, localnets, localhost, and none, matching all hosts, all hosts on the local network, the machine itself, and nothing, respectively. The networks included in localnets are determined by the interfaces on the machine modulo their netmasks.

The server statement

named can potentially talk to many servers, not all of which are running the latest version of BIND, and not all of which are even nominally sane. The server statement tells named about the characteristics of its remote peers.

server ip_addr {
    bogus yes | no;                              [no]
    provide-ixfr yes | no;                       [yes (V9 only)]
    request-ixfr yes | no;                       [yes (V9 only)]
    support-ixfr yes | no;                       [no (V8 only)]
    transfers number;                            [2 (V9 only)]
    transfer-format one-answer | many-answers;   [V8: one, V9: many]
    keys { key-id; key-id; ... };
};

You can use a server statement to override the values of server-related configuration options. Just list the ones for which you want nondefault behavior.

If you mark a server as being bogus, named won’t send any queries its way. This directive should generally be reserved for servers that really are bogus.

The ixfr clauses changed between V8 and V9, though both sets are similar. V8 has support-ixfr, and V9 has provide-ixfr and request-ixfr. The server statements in the config file of a server running V8 can set support-ixfr to yes if the remote server understands incremental zone transfers. A V9 server acting as master for a zone will do incremental zone transfers if provide-ixfr is set to yes. Likewise, a V9 server acting as a slave will request incremental zone transfers from the master if request-ixfr is set to yes.

The transfers clause limits the number of concurrent inbound zone transfers from the remote server. It is the server-specific counterpart of transfers-in; because it applies to a single remote server, it effectively overrides the transfers-per-ns option for that server. The name differs from the option's to preserve compatibility with BIND 8.

The transfer-format clause is the server-specific form of the option discussed on page 419. Use a per-server transfer-format if you talk to both BIND 8/9 servers, which accept many-answers, and BIND 4 servers, which understand only the one-answer format.

The keys clause identifies a key ID that has been previously defined in a key statement for use with TSIG transaction signatures (see page 462). Any requests sent to the remote server are signed with this key. Requests originating at the remote server are not required to be signed, but if they are, the signature will be verified.
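The following named.conf fragment, in BIND 9 syntax, ties together the acl statement described above and the server clauses just covered. It is an added example, not text from the book: the names, addresses and the key secret are hypothetical, and the secret in particular is a constructed placeholder, not usable key material.

```conf
// Added example (not from the book): acl, key and server statements in
// BIND 9 named.conf syntax. Names, addresses and key material are made up.

// acl is a top-level statement and must be defined before it is referenced,
// because named.conf is read in a single pass.
acl "secondaries" { 192.0.2.53; 198.51.100.53; };

// The key ID named in a server statement must already exist in a key
// statement. The secret is a constructed placeholder, not a real key.
key "ns2-key" {
    algorithm hmac-md5;
    secret "d2UgYXJlIHNvIHNlY3VyZQ==";
};

// A modern peer that understands IXFR and shares the TSIG key above.
server 192.0.2.53 {
    request-ixfr yes;              // ask it for incremental zone transfers
    provide-ixfr yes;              // and serve it incremental transfers
    transfers 1;                   // at most one concurrent inbound transfer from it
    transfer-format many-answers;
    keys { "ns2-key"; };           // sign every request we send it with this key
};

// An older peer that can only handle one record per transfer message
// (the only format BIND 4 understands).
server 198.51.100.53 {
    transfer-format one-answer;
};

// A server known to be broken: named will never send it a query.
server 203.0.113.66 {
    bogus yes;
};

options {
    directory "/var/named";
    // The acl defined above can now be referenced by name.
    allow-transfer { "secondaries"; };
};
```

Note that the keys clause only controls what this server signs when it sends requests; whether 192.0.2.53 must sign what it sends back is a matter for that server's own configuration, and an unsigned request from it is still accepted here.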

The logging statement

named is the current holder of the “most configurable logging system on Earth” award. Syslog put the prioritization of log messages into the programmer’s hands and the disposition of those messages into the sysadmin’s hands. But for a given priority, the sysadmin had no way to say, “I care about this message but not about that message.” BIND 8 added categories that classify log messages by type, and channels that broaden the choices for the disposition of messages. Categories are determined by the programmer, and channels by the sysadmin.

Since the issue of logging is somewhat tangential (especially given the amount of explanation required), we discuss it in the debugging section later in this chapter. It starts on page 469.

The zone statement

zone statements are the heart of the named.conf file. They tell named about the zones for which it is authoritative and set the options that are appropriate for managing each zone. A zone statement is also used to preload the root server hints (the names and addresses of the root servers, which bootstrap the DNS lookup process).

The exact format of a zone statement varies depending on the role that named is to play with respect to that zone (for example, master server or slave server). We examine each possibility in turn. Many of the global options covered earlier can become part
