Defines the configuration and behavior of the named daemon.
The /etc/named.conf file is the default configuration file for the named server. If the named daemon is started without specifying an alternate file, the named daemon reads this file for information on how to set up the local name server.
Note: The named daemon reads the configuration file only when the named daemon starts or when the named daemon receives an SRC refresh command or a SIGHUP signal.
The data in the named.conf file specifies general configuration characteristics for the name server, defines each zone for which the name server is responsible (its zones of authority), and provides further configuration information for each zone, possibly including the source DOMAIN database file for the zone.
Any database files referenced in the named.conf file must be in Standard Resource Record Format. These data files can have any name and any directory path. However, for convenience in maintaining the named database, they are generally given names in the following form: /etc/named.extension. The general format of named data files is described in DOMAIN Data File, DOMAIN Reverse Data File, DOMAIN Cache File, and DOMAIN Local File.
Comments in the named.conf file can begin with a # (pound sign) or // (two forward slashes), or can be enclosed in the C-style comment characters, e.g., /* comment text */.
Configuration options are lines of text beginning with a keyword, possibly including some option text or a list, and ending in a ; (semicolon).
The named.conf file is organized into stanzas. Each stanza is an enclosed set of configuration options that define either general characteristics of the daemon or a zone configuration. Certain stanza definitions are allowed only at the top level and therefore cannot be nested. The current top-level configuration stanza keywords are: acl, key, logging, options, server, and zone.
Further configuration information can be incorporated into the conf file via the include keyword. This keyword directs the daemon to insert the contents of the indicated file into the current position of the include directive.
acl acl-name { access-element; [ access-element; ... ] };
Defines an access control list to be referenced throughout the configuration file by acl-name. Multiple acl definitions can exist within one configuration file provided that each acl-name is unique. Additionally, four default access control lists are predefined.
Option | Values | Explanation |
---|---|---|
access-element | IP-address, IP-prefix, acl-reference | Defines a source as allowed or disallowed. Multiple access-elements are allowed inside the acl stanza. Each element can be an IP address in dot notation (for example, 9.3.149.66), an IP prefix in CIDR or slash notation (for example, 9.3.149/24), or a reference to another access control list (for example, localhost). Additionally, each element indicates whether it is allowed or disallowed access via an ! (exclamation point) modifier prepended to the element. For example: acl hostlist1 { !9.53.150.239; 9.3.149/24; }; When the access control list hostlist1 is referenced in the configuration, it allows access from any host whose IP address begins with 9.3.149 and disallows access from the internet host 9.53.150.239. |
key key-name { algorithm alg-id; secret secret-string; };
Defines an algorithm and shared secret key to be referenced in a server stanza and used for authentication by that name server. This feature is included for future use and is currently unused in the name server.
Option | Values | Explanation |
---|---|---|
algorithm | alg-id string | A quoted-string that defines the type of security algorithm that will be used when interpreting the secret string. None are defined at this time. |
secret | secret-string string | A quoted-string that is used by the algorithm to authenticate the host. |
logging { [ channel channel-name { ( file file-name [ versions ( num-vers | unlimited ) ] [ size size-value ] | syslog ( kern | user | mail | daemon | syslog | lpr | news | uucp ) | null ); [ print-category ( yes | no ); ] [ print-severity ( yes | no ); ] [ print-time ( yes | no ); ] }; ... ] [ category category-name { channel-reference; [ channel-reference; ... ] }; ... ] };
In this newest version of the name server, the logging facility has been greatly improved to allow for much reconfiguration of the default logging mechanism. The logging stanza is used to define logging output channels and to associate the predefined logging categories with either the predefined or user-defined logging output channels.
When no logging stanza is included in the conf file, the name server still logs messages and errors just as it has in previous releases. Informational and some critical messages will be logged through the syslog daemon facility, and debug and other esoteric information will be logged to the named.run file when the global debug level (set with the -d command-line option) is non-zero.
Option | Values | Explanation |
---|---|---|
channel | channel-name | Defines an output channel to be referenced later by the channel-name identifier. An output channel specifies a destination for output messages as well as formatting information to be used when writing the output message. More than one output channel can be defined, provided that each channel-name is unique. Also, each output channel can be referenced from multiple logging categories. There are four predefined output channels. |
file | file-name (string) | Defines an output channel as one that logs messages to an output file. The file used for output is specified with the file-name string. Additionally, the file option allows control over how many versions of the output file are kept and what size limit the output file may never exceed. The file, syslog, and null output paths are mutually exclusive. |
versions | num-versions, unlimited | Specifies the number of old output files that should be kept. When an output file is reopened, rather than replacing a possibly existing output file, the existing output file is saved as an old output file with a .value extension. Using the num-versions value, one can limit the number of old output files kept. Specifying the unlimited keyword instead indicates that old output file versions accumulate without limit. By default, no old versions of any log file are kept. |
size | size-value | Specifies the maximum size of the log file used by this channel. By default, the size is unlimited. When a size is configured, once size-value bytes have been written to the file, nothing more is written until the file is reopened. Accepted values for size-value include the word "unlimited" and numbers with k, m, or g modifiers specifying kilobytes, megabytes, and gigabytes respectively. For example, 1000k and 1m indicate one thousand kilobytes and one megabyte respectively. |
syslog | kern, user, daemon, auth, syslog, lpr, news, uucp | Defines an output channel as one that redirects its messages to the syslog service. The supported value keywords correspond to facilities logged by the syslog service. Ultimately, the syslog service defines which received messages are logged; therefore, defining a channel that redirects its messages to the syslog service's user facility will not result in any visibly logged messages if the syslog service is not configured to output messages from that facility. For more information concerning the syslog service, see the syslogd daemon. The file, syslog, and null output paths are mutually exclusive. |
null | (none) | Defines an output channel through which all messages are discarded. All other output channel options are invalid for an output channel whose output path is null. |
severity | critical, error, warning, notice, info, debug [ level ], dynamic | Sets a threshold of message severities to be logged through the output channel. While these severity definitions are similar to those used by the syslog service, for the name server they also control output through file path channels. Messages must meet or exceed the severity level to be logged through the output channel. The dynamic severity specifies that the name server's global debug level (specified when the daemon is invoked with the -d flag) controls which messages pass through the output channel. Also, the debug severity can specify a level modifier, which is an upper threshold for debug messages whenever the name server has debugging enabled at any level. A lower debug level indicates that less information is to be logged through the channel. It is not necessary for the global debug level to meet or exceed the debug level value. If used with the syslog output path, the syslog facility ultimately controls what severities are logged through the syslog service. For example, if the syslog service is configured to log only daemon.info messages, and the name server is configured to channel all debug messages to the syslog service, the syslog service will filter the messages from its output path. |
print-category | yes, no | Controls the format of the output message when it is sent through the output path. Regardless of which, how many, or in which order these options are listed inside the channel stanza, the message is prepended with the text in a time, category, severity order. The following is an example of a message with all three print- options enabled: By default, no extra text is prepended to an output message. Note that when the syslog service logs messages, it also prepends the date and time information to the text of the message. Thus, enabling print-time on a channel that uses the syslog output path results in the syslog service logging a message with two dates prepended to it. |
print-severity | yes, no | See print-category. |
print-time | yes, no | See print-category. |
category | category-name, channel-reference | The category keyword defines a stanza which associates a logging or messaging category with predefined or user-defined output channels. The predefined categories are listed under category-name below. |
category-name | default, config, parser, queries, lame-servers, statistics, panic, update, ncache, xfer-in, xfer-out, db, event-lib, packet, notify, cname, security, os, insist, maintenance, load, response-checks | The category-name specifies which logging category is to be associated with the listed channel-references. This results in any output text generated by the name server daemon for that logging category being redirected through each of the channel-references listed. The default category covers all messages that are not listed in one of the specific categories. Also, the insist and panic categories are associated with messages that define a fatal inconsistency in the name server's state. The remaining categories define messages that are generated when handling specific functions of the name server. For example, the update category is used when logging errors or messages specific to the handling of a dynamic zone update, and the parser category is used when logging errors or messages during the parsing of the conf file. |
channel-reference | channel-name | References a channel-name identifier defined previously in the logging configuration stanza. Every message associated with the defined category-name is logged through each of the listed channel-references. |
options { [ directory path-string; ] [ named-xfer path-string; ] [ dump-file path-string; ] [ pid-file path-string; ] [ statistics-file path-string; ] [ auth-nxdomain ( yes | no ); ] [ fake-iquery ( yes | no ); ] [ fetch-glue ( yes | no ); ] [ multiple-cnames ( yes | no ); ] [ notify ( yes | no ); ] [ recursion ( yes | no ); ] [ forward ( only | first ); ] [ forwarders { ipaddr; [...] }; ] [ check-names ( master|slave|response ) ( warn|fail|ignore ); ] [ allow-query { access-element; [...] }; ] [ allow-transfer { access-element; [...] }; ] [ listen-on [ port port-num ] { access-element; [...] }; ... ] [ query-source [ address ( ipaddr|* ) ] [ port ( port|* ) ]; ] [ max-transfer-time-in seconds; ] [ transfer-format ( one-answer | many-answers ); ] [ transfers-in value; ] [ transfers-out value; ] [ transfers-per-ns value; ] [ coresize size-value; ] [ datasize size-value; ] [ files size-value; ] [ stacksize size-value; ] [ clean-interval value; ] [ interface-interval value; ] [ statistics-interval value; ] [ topology { access-element; [...] }; ] };
Defines many globally available options to modify basic characteristics of the name server. Because some of the options in this configuration stanza may modify how the named daemon reads and interprets later sections of the named.conf file, it is highly recommended that the options stanza be the first stanza listed in the configuration file.
Option | Values | Default | Explanation |
---|---|---|---|
directory | path-string | "." | Indicates the directory from which all relative paths are anchored. The path-string parameter must be a quoted string. For example, to indicate that all zone files exist in "/usr/local/named/data" without listing each file in the zone definitions, specify the global option directory as: options { directory "/usr/local/named/data"; }; |
named-xfer | path-string | "/usr/sbin/named-xfer" | Specifies the path and executable name of the named-xfer command used for inbound zone transfers. The path-string parameter must be a quoted string. |
dump-file | path-string | "/usr/tmp/named_dump.db" | Specifies a filename to which the database in memory is dumped whenever the named daemon receives a SIGINT signal. |
pid-file | path-string | "/etc/named.pid" | Specifies the file in which the named daemon writes its PID value. |
statistics-file | path-string | "/usr/tmp/named.stats" | Specifies the file to which the name server appends operating statistics when it receives the SIGILL signal. |
auth-nxdomain | yes, no | yes | Controls whether the server responds authoritatively when returning an NXDOMAIN response. |
fake-iquery | yes, no | no | Controls whether the server responds to the obsolete IQUERY requests. |
fetch-glue | yes, no | yes | Controls whether the server searches for "glue" records to include in the additional section of a query response. |
multiple-cnames | yes, no | no | Controls whether the server allows multiple CNAME records for one domain name in any of its zone databases. This practice is discouraged, but the option remains for backwards compatibility. |
notify | yes, no | yes | Controls whether the name server sends NOTIFY messages to its slave servers when it detects zone changes. Because the slave servers will almost immediately respond to the NOTIFY message with a request for zone transfer, this limits the amount of time that the databases are out of synchronization in the master and slave relationship. |
recursion | yes, no | yes | Controls whether the server attempts to resolve names outside of its domains on behalf of the client. If set to no, the name server returns a referral to the client so that the client can continue searching for the name. Used together with the fetch-glue option, this limits the growth of the name server's memory cache. |
forward | only, first | first | Controls how forwarding is used when forwarding is enabled. When set to first, the name server attempts to search for a name itself whenever the forwarded host does not provide an answer. When set to only, the name server does not attempt this extra work. |
forwarders | ipaddr | (empty list) | Enables the use of query forwarding when defining a Forwarding Name Server. The ipaddr parameter list specifies the hosts to which the query is forwarded when it cannot be resolved from the local database. Each ipaddr is an internet address in standard dot notation. |
check-names | ( master \| slave \| response ) ( ignore \| warn \| fail ) | master fail; slave warn; response ignore | Controls how the name server handles non-RFC-compliant host names and domain names in each of its operation domains. The master keyword specifies how to handle malformed names in a master zone file. ignore directs the server to ignore any malformed names and continue normal processing. |
allow-query | access-element | any | Limits the range of querying hosts allowed to access the system. Each access-element is specified in the same manner as in the acl stanza defined earlier. |
allow-transfer | access-element | any | Limits the range of hosts allowed to request zone transfers. Each access-element is specified in the same manner as in the acl stanza defined earlier. |
listen-on | [ port port-num ] { access-element; ... } | port 53 { localhost; } | Limits the interfaces available to the name server daemon and controls which port to use to listen for queries. By default, the name server uses all interfaces on the system and listens on port 53. Additionally, multiple listen-on definitions are allowed within the options stanza. Each access-element is specified in the same manner as in the acl stanza defined earlier. The following example limits the name server to using only the interface with address 9.53.150.239: listen-on port 53 { 9.53.150.239; }; |
query-source | [ address ( ipaddr \| * ) ] [ port ( port \| * ) ] | address * port * | Modifies the default address and port from which queries originate. |
max-transfer-time-in | seconds | 120 | Specifies the maximum amount of time an inbound zone transfer is allowed to run before it is aborted. This is used to control an event in which a child process of the name server does not execute or terminate properly. |
transfer-format | one-answer, many-answers | one-answer | Controls the method by which full zone transfers are sent to requestors. The one-answer method uses one packet per zone resource record, while many-answers inserts as many resource records into one packet as possible. While the many-answers method is more efficient, it is only understood by the newest revisions of the name server. This option can be overridden in the server stanza to specify the method on a per name server basis. |
transfers-in | value | 10 | Specifies the maximum number of concurrent inbound zone transfers. While this limits the amount of time each slave zone is out of synchronization with the master's database, because each inbound transfer runs in a separate child process, increasing the value may also increase the load on the slave server. |
transfers-out | value | N/A | Specifies the maximum number of concurrent outbound zone transfers for the name server. This option is currently unused in the server, but will be available at a later time. |
transfers-per-ns | value | 2 | Specifies the maximum number of concurrent zone transfers from a specific remote name server. While this limits the amount of time each slave zone is out of synchronization with the master's database, increasing this value may increase the load on the remote master server. |
coresize | size-value | default | Configures process-specific resource limits for the daemon. The default values are those inherited from the system and its resources. Each size-value can be specified as a number or as a number followed by the k, m, or g modifier indicating kilobytes, megabytes, and gigabytes respectively. |
datasize | size-value | default | See coresize. |
files | value | unlimited | See coresize. |
stacksize | size-value | default | See coresize. |
clean-interval | minutes | 60 | Controls the intervals for the periodic maintenance tasks of the name server. The clean-interval specifies how frequently the server removes expired resource records from the cache. The interface-interval specifies how frequently the server rescans for interfaces in the system. The statistics-interval specifies how frequently the name server outputs statistics data. A minutes value of zero indicates that the task runs only when the configuration file is reread. |
interface-interval | minutes | 60 | See clean-interval. |
statistics-interval | minutes | 60 | See clean-interval. |
cleandb-time | time | N/A | Specifies a time of day at which the database is scanned and any dynamic records whose SIG resource records have all expired are removed. For a dynamic zone which has update-security set to presecured, only the expired SIG KEY will remain. The default is to never perform this scan; instead, the expired records remain until the name is queried. time is specified as HH:MM in 24-hour format. |
topology | access-element | localhost; localnets; | Specifies a search order used to choose among a list of addresses corresponding to a name server. Whenever a query is forwarded or a query must be made to another name server, it may be necessary to choose an address from a list of available addresses. Each access-element, while seemingly similar to those specified in an acl stanza, is interpreted by its position in the list. The first elements in the list are preferred over those following them. Negated elements (those specified with the ! (exclamation point) modifier) are considered least desirable. |
server ipaddr { [ bogus ( yes | no ); ] [ transfers value; ] [ transfer-format ( one-answer | many-answers ); ] };
Modifies how the remote name server matching the specified ipaddr IP address is treated.
Option | Values | Explanation |
---|---|---|
bogus | yes, no | Indicates that the name server identified by the stanza should not be used again. The default value is no. |
transfers | value | Overrides the globally available option transfers-per-ns. Specifies a maximum value for the number of concurrent inbound zone transfers from the foreign name server identified by the stanza. |
transfer-format | one-answer, many-answers | Overrides the globally available option transfer-format to a specific value for the specified server. The transfer-format option indicates to the name server how to form its outbound full zone transfers. By default, the value is inherited from the options stanza (where it defaults to one-answer). one-answer specifies that only one resource record can be sent per packet during the zone transfer, whereas many-answers indicates to entirely fill the outbound packet with resource records. The many-answers format is only available in the newest revisions of the name server. |
zone domain-string [ class ] { type ( hint | stub | slave | master ); [ file path-string; ] [ masters { ipaddr; [...] }; ] [ check-names ( warn | fail | ignore ); ] [ allow-update { access-element; [...] }; ] [ update-security ( unsecured | presecured | controlled ); ] [ allow-query { access-element; [...] }; ] [ allow-transfer { access-element; [...] }; ] [ max-transfer-time-in seconds; ] [ notify ( yes | no ); ] [ also-notify { ipaddr; [...] }; ] [ dont-notify { ipaddr; [...] }; ] [ notify-delaytime seconds; ] [ notify-retrytime seconds; ] [ notify-retrycount value; ] [ dump-interval seconds; ] [ incr-interval seconds; ] [ deferupdcnt value; ] [ key-xfer ( yes | no ); ] [ timesync ( yes | no ); ] [ timesync-xfer ( yes | no ); ] [ save-backups ( yes | no ); ] [ ixfr-directory path-string; ] [ separate-dynamic ( yes | no ); ] };
The zone stanza is used to define a zone, its type, the possible location of its data, and its operating parameters. The domain-string is a quoted string specifying the zone, where "." is used to specify the root zone. The class parameter specifies the class of the zone as either in, hs, hesiod, or chaos. By default, the class is assumed to be IN.
Option | Values | Default | Explanation |
---|---|---|---|
type | hint, stub, slave, master | N/A | Defines the type of the zone. hint zones, previously regarded as cache zones, only describe a source for information not contained in the other defined zones. A stub zone is similar to a slave zone: while the slave zone replicates the entire database of its master, the stub zone replicates only the NS resource records. The master zone maintains a database on disk. Based upon the zone type, some of the other options are required while others may not apply. Zones of type hint and master require the file option, while zones of type slave and stub require the masters option. Additionally, the only other option available to a hint zone is the check-names option. |
file | path-string | N/A | Specifies the location of the source of data specific to the zone. This parameter is optional only for stub and slave zones, where its inclusion indicates that a locally saved copy of the remote zone is to be kept. The path-string parameter is a quoted string which can specify the file name either absolutely or relative to the options stanza's directory. If the path is intended to be relative to the server root, the options stanza must be specified before the zone stanza. |
masters | ipaddr | N/A | Specifies a list of sources from which a slave or stub zone retrieves its data. This option is not valid for any other type of zone, and must be included for either of these two types. |
check-names | warn, fail, ignore | inherited from options | Overrides the check-names option in the global options stanza. The default value is inherited from the options stanza, where its default is fail for master zones and warn for slave zones. |
allow-update | access-element | none | Indicates from which source addresses a zone accepts dynamic updates. access-elements are specified in the same manner as they are for the acl stanza. Because of the inherent insecurity of a dynamic update, this value defaults to none. If no update-security is specified, dynamic updates should be limited to a specific set of secured machines. |
update-security | unsecured, presecured, controlled | unsecured | Valid only when the allow-update option specifies at least one source address, update-security defines what type of secured update mechanism the zone uses. The current zone update security method is a non-standard two-key method, but it is compatible with previous releases of the name server. presecured indicates that a zone accepts updates only for names and resource records that already exist, unless the update is signed by the zone's authorizing key. Normally, this means that the zone must be prepopulated with the names and records it is to maintain. controlled specifies a zone in which names can be added to the database without the signature of the zone's authorizing key, but existing records cannot be modified without being signed by the KEY resource record's corresponding private key. Note that a proper presecured or controlled zone must contain a zone KEY resource record. See TCP/IP Name Resolution for more information regarding zone update security. |
allow-query | access-element | inherited from options | Overrides the globally available option allow-query. This option's default is inherited from the global options stanza, where its default is any. |
allow-transfer | access-element | inherited from options | Overrides the globally available option allow-transfer. This option's default is inherited from the global options stanza, where its default is any. |
max-transfer-time-in | seconds | inherited from options | Overrides the globally available option max-transfer-time-in. This option's default is inherited from the global options stanza, where its default is 120. |
notify | yes, no | inherited from options | Overrides the globally available option notify. This option's default is inherited from the global options stanza, where its default is yes. |
also-notify | ipaddr | N/A | The default NOTIFY mechanism notifies slave servers of a change in the DOMAIN database in order to limit the amount of time that a slave server retains a zone out of synchronization with the master server. The also-notify option allows additional addresses to be added to the list of notification recipients. |
dont-notify | ipaddr | N/A | Specifies a list of IP addresses to be removed from the default list of NOTIFY recipients. This option is useful if a name server is known to be problematic when receiving NOTIFY requests. |
notify-delaytime | seconds | 30 | Specifies an estimated delay between notifications to multiple name servers. Because the receipt of a NOTIFY message usually triggers a prompt request for a zone transfer, this option can tune the latency with which each server responds with its request for the modified zone. The real value used is randomized between the specified number of seconds and twice this value. |
notify-retrytime | seconds | 60 | Specifies the number of seconds the name server waits before retransmitting a NOTIFY message that has gone unanswered. |
notify-retrycount | value | 3 | Specifies the maximum number of times the name server will attempt to send unanswered NOTIFY messages to other name servers. |
dump-interval | seconds | 3600 | Specifies the interval at which the name server rewrites a dynamic zone to the zone file. In the interim, all updates and other transactions are logged in the transaction log file for performance reasons. Aside from this periodic zone dump, the transaction log file is discarded and the zone is dumped only when the name server is properly shut down. This option is valid only for zones in which the allow-update option specifies at least one valid accessor. Note: The transaction log file name is the zone file name with an appended ".log" extension. |
incr-interval | seconds | 300 | Specifies an interval during which the name server accepts dynamic updates without incrementing the zone's SOA serial number. Because a change in the zone SOA record triggers a NOTIFY message, limiting this occurrence limits the number of zone transfer requests at the expense of minimal zone differences between a dynamic master server and its slaves. This option is valid only for zones in which the allow-update option specifies at least one valid accessor. |
deferupdcnt | value | 100 | Specifies a threshold for the number of properly applied updates received during one incr-interval. If more than value updates occur during the interval, the name server increments the zone SOA serial number and subsequently sends NOTIFY to each of the slave servers. Use this value to limit database replication inconsistencies in an environment where dynamic zone updates occur infrequently but in large batches. This option is valid only for zones in which the allow-update option specifies at least one valid accessor. |
key-xfer | yes, no | yes | Specifies whether the server transmits KEY resource records during a zone transfer. In a very controlled environment where KEY queries are made only to the master name server, setting this option to no saves zone transfer time and improves performance. |
timesync | yes, no | yes | Specifies that a name server should calculate the true expiration time of a SIG resource record using its own clock rather than relying on the expiration time set by a possible update source. This removes the inconsistencies involved when dynamic zone updaters have their system clocks misaligned from the name server host. Because enabling this option modifies the output and interpretation of a SIG resource record in a DOMAIN database file, disabling this option may be required when manually transferring a DOMAIN database file to another name server. |
timesync-xfer | yes, no | yes | Specifies which SIG resource record expiration time is transferred during a zone transfer. Enabling this option is valid only when the timesync option is enabled. |
ixfr-directory | path-string | derived from the zone's file name or domain name | Specifies a directory in which temporary data files for this zone are kept. The data files contain incremental zone changes and are essential to the proper use of the Incremental Zone Transfer (IXFR) method. Because these files are created and destroyed dynamically by the name server, one should not specify a globally writable directory. Additionally, the directory specified must be distinct from the ixfr-directory options specified in other zones. By default, a directory is created in an "ixfrdata" directory within the name server's default directory; contained in this directory is a subdirectory matching the base name of the zone's file name or domain name. It is not necessary to specify this option for the proper behavior of the IXFR feature. |
save-backups | yes, no | no | To properly calculate an incremental zone difference between server invocations, it is necessary to determine the zone database differences prior to the shutdown of the server and after the loading of the server. By enabling this option, a backup of the zone file is written, and read upon loading of the name server, to determine any zone differences. While enabling this option is necessary to use the IXFR transfer method after a stop and restart of the name server, it is not necessary to realize incremental zone differences when a zone file is modified and signalled to reload via the SRC refresh command or SIGHUP signal. |
separate-dynamic | yes, no | no | Instructs the name server to retain $INCLUDE references in a dynamic zone when the DOMAIN database file is written to disk. This feature implies that resource records that can be modified through the dynamic update mechanism exist in the DOMAIN database file referenced by the file option, while other resource records that should not be modified through the dynamic update mechanism are contained in files included (through the $INCLUDE directive) by the DOMAIN database file. |
The following examples show some of the ways to configure a simple named.conf file. In these examples, two networks are represented: abc and xyz.
Network xyz consists of:
Note: sandy, a gateway host, is on both networks and also serves as a slave name server for both domains.
#
# conf file for abc master server - gobi.abc
#
server 192.9.201.3 {
transfer-format many-answers;
};
zone "abc" in {
type master;
file "/etc/named.abcdata";
allow-update { localhost; };
};
zone "201.9.192.in-addr.arpa" in {
type master;
file "/etc/named.abcrev";
allow-update { localhost; };
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "/etc/named.abclocal";
};
#
# conf file for xyz master server - kalahari.xyz
#
acl xyz-slaves {
160.9.201.3;
};
options {
directory "/etc";
allow-transfer { xyz-slaves; localhost; };
};
zone "xyz" in {
type master;
file "named.xyzdata";
};
zone "9.160.in-addr.arpa" in {
type master;
file "named.xyzrev";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "named.xyzlocal";
};
#
# conf file for slave server for abc and xyz - sandy
#
options {
directory "/etc";
};
zone "abc" in {
type slave;
masters { 192.9.201.2; };
file "named.abcdata.bak";
};
zone "xyz" in {
type slave;
masters { 160.9.201.4; };
file "named.xyzdata.bak";
};
zone "201.9.192.in-addr.arpa" in {
type slave;
masters { 192.9.201.2; };
};
zone "9.160.in-addr.arpa" in {
type slave;
masters { 192.9.201.4; };
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "named.local";
};
#
# conf file for hint server for xyz - sahara
#
zone "." in {
type hint;
file "/etc/named.ca";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "/etc/named.local";
};
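The acl stanza described earlier and the allow-transfer lists in the kalahari.xyz example above are easy to get subtly wrong, so the following added example (not part of this AIX page or of the named distribution) is a small Python audit script: it parses named.conf fragments in the syntax described above (all three comment styles, quoted strings, nested stanzas), resolves acl stanzas with first-match semantics, and reports for each zone whether a given source address is permitted by the allow-transfer list in force. It assumes that the four predefined access lists are named any, none, localhost and localnets, that a negated hit inside a nested acl makes that acl simply not match, and that the host's own interface addresses are supplied by the caller (constructed values in the sample).

```python
import ipaddress
import re

TOKEN_RE = re.compile(r'''
      \s+ | \#[^\n]* | //[^\n]* | /\*.*?\*/    # whitespace and the #, // and /* */ comment styles
    | "(?P<str>[^"]*)"                        # quoted string (zone names, file paths)
    | (?P<punct>[{};])                        # stanza and statement delimiters
    | (?P<word>[^\s{};"]+)                    # keywords, addresses, prefixes, !-modifiers
''', re.VERBOSE | re.DOTALL)


def parse(text):
    """Statements as lists of words; each { ... } block becomes a nested list of
    its own statements.  Comments are dropped; quoted strings keep only their text."""
    tokens = [m.group(m.lastgroup) for m in TOKEN_RE.finditer(text) if m.lastgroup]

    def block(pos):
        stmts, cur = [], []
        while pos < len(tokens):
            tok, pos = tokens[pos], pos + 1
            if tok == "{":
                inner, pos = block(pos)
                cur.append(inner)
            elif tok == "}":
                break
            elif tok == ";":
                if cur:
                    stmts.append(cur)
                cur = []
            else:
                cur.append(tok)
        return stmts, pos

    return block(0)[0]


def to_network(element):
    """IP-address or CIDR IP-prefix -> ip_network; a short prefix such as 9.3.149/24 is padded."""
    addr, _, plen = element.partition("/")
    addr = ".".join((addr.split(".") + ["0"] * 4)[:4])
    return ipaddress.ip_network(f"{addr}/{plen or 32}", strict=False)


class AclSet:
    """ACLs from acl stanzas plus the predefined any, none, localhost and localnets
    (assumed names); the host's own interfaces are supplied by the caller."""
    def __init__(self, stmts, local_ifaces):
        ifaces = [ipaddress.ip_interface(i) for i in local_ifaces]
        self.acls = {"any": [["0.0.0.0/0"]], "none": [],
                     "localhost": [[str(i.ip)] for i in ifaces],
                     "localnets": [[str(i.network)] for i in ifaces]}
        for s in stmts:
            if s[0] == "acl" and len(s) == 3:
                self.acls[s[1]] = s[2]

    def allows(self, elements, source_ip):
        """First-match semantics: the first element matching the address decides, a
        matching !-negated element denies, and an address matching nothing is denied."""
        ip = ipaddress.ip_address(source_ip)
        for elem in elements:
            target, negated = elem[0], False
            if target == "!":                  # written as "! 9.3.149.66"
                target, negated = elem[1], True
            elif target.startswith("!"):       # written as "!9.3.149.66"
                target, negated = target[1:], True
            if target in self.acls:            # nested acl reference: a hit only if it allows
                hit = self.allows(self.acls[target], ip)
            else:
                hit = ip in to_network(target)
            if hit:
                return not negated
        return False


def effective_transfer_acls(stmts):
    """Zone -> allow-transfer list in force: the zone's own, else the options stanza's, else any."""
    def find(body, key):
        return next((s[1] for s in body if s[0] == key and len(s) > 1), None)

    options = next((s[1] for s in stmts if s[0] == "options"), [])
    global_acl = find(options, "allow-transfer") or [["any"]]
    return {s[1]: find(s[-1], "allow-transfer") or global_acl for s in stmts if s[0] == "zone"}


def audit_transfers(conf_text, source_ip, local_ifaces=("127.0.0.1/8",)):
    """Per zone: may source_ip request a zone transfer under this configuration?"""
    stmts = parse(conf_text)
    acls = AclSet(stmts, local_ifaces)
    return {z: acls.allows(e, source_ip) for z, e in effective_transfer_acls(stmts).items()}


# Constructed sample modelled on the kalahari.xyz and hostlist1 examples above; test.xyz is invented.
SAMPLE_CONF = """
acl xyz-slaves { 160.9.201.3; };
acl hostlist1 { !9.53.150.239; 9.3.149/24; };   // acl example from the page
options { directory "/etc"; allow-transfer { xyz-slaves; localhost; }; };
zone "xyz" in { type master; file "named.xyzdata"; };
zone "test.xyz" in { type master; file "named.testdata";
    allow-transfer { any; }; };   /* constructed: opens transfers to everyone */
"""
```

Calling audit_transfers(SAMPLE_CONF, "9.53.150.239") reports xyz as denied but test.xyz as allowed, showing how a zone-level allow-transfer silently overrides the global restriction.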
/usr/samples/tcpip/named.conf | Contains the sample named.conf file. |
The named daemon.
The syslogd daemon.
The DOMAIN cache file format, DOMAIN local file format, DOMAIN data file format, DOMAIN Reverse data file format, rc.tcpip file format.
Configuring a Primary Name Server and Naming for TCP/IP in AIX 5L Version 5.1 System Management Guide: Communications and Networks.