Defines the configuration and behavior of the named daemon.
The /etc/named.conf file is the default configuration file for the named server. If the named daemon is started without specifying an alternate file, the named daemon reads this file for information on how to set up the local name server.
Note: The named daemon reads the configuration file only when the named daemon starts or when the named daemon receives an SRC refresh command or a SIGHUP signal.
The data in the named.conf file specifies general configuration characteristics for the name server, defines each zone for which the name server is responsible (its zones of authority), and provides further config information per zone, possibly including the source DOMAIN database file for the zone.
Any database files referenced in the named.conf file must be in Standard Resource Record Format. These data files can have any name and any directory path. However, for convenience in maintaining the named database, they are generally given names in the following form: /etc/named.extension. The general format of named data files is described in DOMAIN Data File, DOMAIN Reverse Data File, DOMAIN Cache File, and DOMAIN Local File.
Comments in the named.conf file can begin with a # (pound sign) or // (two forward slashes), or can be enclosed in the C-style comment characters, e.g., /* comment text */.
Configuration options are lines of text beginning with a keyword, possibly including some option text or a list, and ending in a ; (semicolon).
The named.conf file is organized into stanzas. Each stanza is an enclosed set of configuration options that define either general characteristics of the daemon or a zone configuration. Certain stanza definitions are allowed only at the top-level, therefore nesting these stanzas is not allowed. The current top-level configuration stanza keywords are: acl, key, logging, options, server, and zone.
Further configuration information can be incorporated into the conf file via the include keyword. This keyword directs the daemon to insert the contents of the indicated file into the current position of the include directive.
acl acl-name {
access-element;
[ access-element; ... ]
};
Defines an access control list to be referenced thoughout the configuration file byacl-name. Multiple acl definitions can exist within one configuration file provided that each acl-name is unique. Additionally, four default access control lists are defined:
| Option | Values | Explanation |
|---|---|---|
| access-element | IP-address IP-prefix acl-reference |
Defines a source as allowed or
disallowed. Multiple access-elements are
allowed inside the acl stanza.
Each element can be an IP address in dot notation (e.g., 9.3.149.66) an IP prefix in CIDR or slash notation (e.g., 9.3.149/24) or a reference to another access control list (e.g., localhost). Additionally, each element indicates whether the element is allowed or disallowed access via an ! (exclamation point) modifier prepended to the element. For example: acl hostlist1 {
!9.53.150.239;
9.3.149/24;
};
When the access control list " hostlist1" is referenced in the configuration, it implies to allow access from any host whose IP address begins with 9.3.149 and to disallow access from the internet host 9.53.150.239. |
key key-name {
algorithm alg-id;
secret secret-string;
};
Defines an algorithm and shared secret key to be referenced in a server stanza and used for authentication by that name server. This feature is included for future use and is currently unused in the name server.
| Option | Values | Explanation |
|---|---|---|
| algorithm | alg-id string | A quoted-string that defines the type of security algorithm that will be used when interpreting the secret string. None are defined at this time. |
| secret | secret-string string | A quoted-string that is used by the algorithm to authenticate the host. |
logging {
[ channel channel-name {
( file file-name
[ versions ( num-vers | unlimited ) ]
[ size size-value ]
| syslog ( kern | user | mail | daemon |
syslog | lpr | news | uucp )
| null );
[ print-category ( yes | no ); ]
[ print-severity ( yes | no ); ]
[ print-time ( yes | no ); ]
}; ... ]
[ category category-name {
channel-reference;
[ channel-reference; ... ]
}; ... ]
};
In this newest version of the name server, the logging facility has been greatly improved to allow for much reconfiguration of the default logging mechanism. The logging stanza is used to define logging output channels and to associate the predefined logging categories with either the predefined or user-defined logging output channels.
When no logging stanza is included in the conf file, the name server still logs messages and errors just as it has in previous releases. Informational and some critical messages will be logged through the syslog daemon facility, and debug and other esoteric information will be logged to the named.run file when the global debug level (set with the -d command-line option) is non-zero.
| Option | Values | Explanation |
|---|---|---|
| channel | Defines an output channel to be referenced later by
the channel-name identifier. An output channel
specifies a destination for output messages to be sent as
well as some formatting information to be used when
writing the output message. More than one output channel
can be defined provided that each channel-identifier
is unique. Also, each output channel can be referenced
from multiple logging categories.
There are four predefined output channels:
| |
| file | file-name string | Defines an output channel as one that
logs messages to an output file. The file used for output
is specified with the file-name string.
Additionally, the file option allows for
controlling how many versions of the output file should
be kept, and what size limit the output file should never
exceed. The file, syslog, and null output paths are mutually exclusive. |
| versions | num-versions unlimited |
Specifies the number of old output files that should be kept. When an output file is reopened, rather than replacing a possible existing output file, the existing output file will be saved as an old output file with a .value extension. Using the num-versions value, one can limit the number of old output files to be kept. However, specifying the unlimited keyword indicates to continually accumulate old output file versions. By default, no old versions of any log file are kept. |
| size | size-value | Specifies the maximum size of the log
file used by this channel. By default, the size is
unlimited. However, when a size is configured, once size-value
bytes are written to the file, nothing more will be
written until the file is reopened. Accepted values for size-value include the word "unlimited" and numbers with k, m, or g modifiers specifying kilobytes, megabytes, and gigabytes respectively. For example, 1000k and 1m indicate one thousand kilobytes and one megabyte respectively. |
| syslog | kern user daemon auth syslog lpr news uucp |
Defines an output channel as one that
redirects its messages to the syslog service. The
supported value keywords correspond to facilities logged
by the syslog service. Ultimately, the syslog service will define which received messages will be logged through the service, therefore, if definining a channel to redirect its messages to the syslog service's user facility would not result in any visibly logged messages if the syslog service is not configured to output messages from this facility. For more information concerning the syslog service, see the syslogd daemon. The file, syslog, and null output paths are mutually exclusive. |
| null | Defines an output channel through which all messages will be discarded. All other output channel options are invalid for an output channel whose output path is null. | |
| severity | critical error warning notice info debug [ level ] dynamic |
Sets a threshold of message severities
to be logged through the output channel. While these
severity definitions are similar to those used by the
syslog service, for the name server they also control
output through file path channels. Messages must meet or
exceed the severity level to be logged through the output
channel. The dynamic severity specifies that the
name server's global debug level (specified when the
daemon is invoked with the -d flag) controls
which messages pass through the output channel. Also, the debug severity can specify a level modifier which is an upper threshold for debug messages whenever the name server has debugging enabled at any level. A lower debug level indicates less information is to be logged through the channel. It is not necessary for the global debug level to meet or exceed the debug level value. If used with the syslog output path, the syslog facility will ultimately control what severities are logged through the syslog service. For example, if the syslog service is configured to only log daemon.info messages, and the name server is configured to channel all debug messages to the syslog service, the syslog service will filter the messages from its output path. |
| print-category | yes no |
Controls the format of the
output message when it is sent through the output path.
Regardless of which, how many, or in which order these
options are listed inside the channel stanza, the message
will be prepended with the the text in a time, category,
severity order. The following is an example of a message with all three print- options enabled:
By default, no extra text will be prepended to an output message. Note that when the syslog service logs messages, it also prepends the date and time information to the text of the message. Thus, enabling print-time on a channel that uses the syslog output path would result in the syslog service logging a message with two dates prepended to it. |
| print-severity | yes no | |
| print-time | yes no | |
| category | The category keyword defines a stanza which
associates a logging or messaging category with
predefined or user-defined output channels. By default, the following categories are defined:
| |
| category-name | default config parser queries lame-servers statistics panic update ncache xfer-in xfer-out db event-lib packet notify cname security os insist maintenance load response-checks |
The category-name specifies which
logging category is to be associated with the listed channel-references.
This results in any output text generated by the name
server daemon for that logging category to be redirected
through each of the channel-references listed. The default category defines all messages that are not listed in one of the specific categories listed. Also, the insist and panic categories are associated with messages that define a fatal inconsistency in the name server's state. The remaining categories define messages that are generated when handling specific functions of the name server. For example, the update category is used when logging errors or messages specific to the handling of a dynamic zone update, and the parser category is used when logging errors or messages during the parsing of the conf file. |
| channel-reference | References a channel-name identifier defined previously in the logging configuration stanza. Therefore, every message associated with the defined category-name will be logged through each of the defined channel-references. |
options {
[ directory path-string; ]
[ named-xfer path-string; ]
[ dump-file path-string; ]
[ pid-file path-string; ]
[ statistics-file path-string; ]
[ auth-nxdomain ( yes | no ); ]
[ fake-iquery ( yes | no ); ]
[ fetch-glue ( yes | no ); ]
[ multiple-cnames ( yes | no ); ]
[ notify ( yes | no ); ]
[ recursion ( yes | no ); ]
[ forward ( only | first ); ]
[ forwarders { ipaddr; [...] }; ]
[ check-names
( master|slave|response )
( warn|fail|ignore ); ]
[ allow-query { access-element; [...] }; ]
[ allow-transfer { access-element; [...] ); ]
[ listen-on [ port port-num ] { access-element; [...] }; ... ]
[ query-source [ address ( ipaddr|* ) ] [ port ( port|* ) ]; ]
[ max-transfer-time-in seconds; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfers-in value; ]
[ transfers-out value; ]
[ transfers-per-ns value; ]
[ coresize size-value; ]
[ datasize size-value; ]
[ files size-value; ]
[ stacksize size-value; ]
[ clean-interval value; ]
[ interface-interval value; ]
[ statistics-interval value; ]
[ topology { access-element; [...] }; ]
};
Defines many globally available options to to modify basic characteristics of the name server.
Because some of the options in this configuration stanza may modify the behavior in how the named daemon will read and interpret later sections of the named file, it is highly recommended that the options stanza be the first stanza listed in the configuration file.
| Option | Values | Default | Explanation |
|---|---|---|---|
| directory | path-string | "." | Indicates the directory from which all
relative paths will be anchored. The path-string
parameter must be a quoted string. For example, to
indicate that all zone files will exist in the
"/usr/local/named/data" without listing each
file in the zone definitions,
specify the global option directory as:
|
| named-xfer | path-string | "/usr/sbin/named-xfer" | Specifies the path and executable name of the named-xfer command used for inbound zone transfers. The path-string parameter must be a quoted string. |
| dump-file | path-string | "/usr/tmp/named_dump.db" | Specifies a filename to which the database in memory will be dumped whenever the named daemon receives a SIGINT signal. |
| pid-file | path-string | "/etc/named.pid" | Specifies the file in which the named daemon will write its PID value. |
| statistics-file | path-string | "/usr/tmp/named.stats" | Specifies the file to which the name server will append operating statistics when it receives the SIGILL signal. |
| auth-nxdomain | yes no |
yes | Controls whether the server should respond authoritatively when returning an NXDOMAIN response. |
| fake-iquery | yes no |
no | Controls whether the server should respond to the obsolete IQUERY requests. |
| fetch-glue | yes no |
yes | Controls whether the server should search for "glue" records to include in the additional section of a query response. |
| multiple-cnames | yes no |
no | Controls whether the server will allow multiple CNAME records for one domain name in any of its zone databases. This practice is discouraged but an option remains for backwards compatibility. |
| notify | yes no |
yes | Controls whether the name server will send NOTIFY messages to its slave servers upon realization of zone changes. Because the slave servers will almost immediately respond to the NOTIFY message with a request for zone transfer, this limits the amount of time that the databases are out of synchronization in the master and slave relationship. |
| recursion | yes no |
yes | Controls whether the server will attempt to resolve names outside of its domains on behalf of the client. If set to no, the name server will return a referral to the client in order for the client to continue searching for the name. Used with the fetch-glue option, one can contain the amount of data that grows in the name server's memory cache. |
| forward | only first |
first | Controls how forwarding is used when forwarding is enabled. When set to first, the name server will attempt to search for a name whenever the forwarded host does not provide an answer. However, when set to only, the name server will not attempt this extra work. |
| forwarders | ipaddr | (empty list) | Enables the use of query forwarding when defining a Forwarding Name Server. The ipaddr parameter list specifies the hosts to which the query should be forwarded when it cannot be resolved from the local database. Each ipaddr is an internet address in standard dot notation. |
| check-names | master ignore master warn master fail slave ignore slave warn slave fail response ignore response warn response fail |
master fail slave warn response ignore |
Controls how the name server will handle
non-RFC compliant host names and domain names through
each of its operation domains. The master
keyword specifies how to handle malformed names in a
master zone file. ignore directs the server to ignore any
malformed names and continue normal processing. |
| allow-query | access-element | any | Limits the range of querying hosts allowed to access the system. Each access-element is specified in the same manner as in the acl stanza defined earlier. |
| allow-transfer | access-element | any | Limits the range of querying hosts that are requesting zone transfers. Each access-element is specified in the same manner as in the acl stanza defined earlier. |
| listen-on | port port-num access-element |
port 53 { localhost; } | Limits the interfaces available to the
name server daemon and controls which port to use to
listen for queries. By default, the name server uses all
interfaces on the system and listens on port 53.
Additionally, multiple listen-on definitions are
allowed within the options stanza. Each access element is specified in the same manner as in the acl stanza defined earlier. The following example limits the name server to using only the interface with address 9.53.150.239:
|
| query-source | address ipaddr address * port port port * |
address * port * | Modifies the default address and port from which queries will originate. |
| max-transfer-time-in | seconds | 120 | Specifies the maximum amount of time an inbound zone transfer will be allowed to run before it is aborted. This is used to control an event in which a child process of the name server does not execute or terminate properly. |
| transfer-format | one-answer many-answers |
one-answer | Controls the method in which full zone transfers will be sent to requestors. The one-answer method uses one packet per zone resource record while many-answers will insert as many resource records into one packet as possible. While the many-answers method is more efficient, it is only understood by the newest revisions of the name server. This option can be overridden in the server stanza to specify the method on a per name server basis. |
| transfers-in | value | 10 | Specifies the maximum number of concurrent inbound zone transfers. While this will limit the amount of time each slave zone is out of synchronization with the master's database, because each inbound transfer runs in a separate child process, increasing the value may also increase the load on the slave server. |
| transfers-out | value | N/A | Specifies the maximum number of concurrent outbound zone transfers for the name server. This option is currently unused in the server, but will be available at a later time. |
| transfers-per-ns | value | 2 | Specifies the maximum amount of concurrent zone transfers from a specific remote name server. While this will limit the amount of time each slave zone is out of synchronization with the master's database, increasing this value may increase the load on the remote master server. |
| coresize | size-value | default | Configures some process
specific values for the daemon. The default values or those inherited by the system and by the system's resources. Each size-value can be specified as a number or as a number followed by the k, m, and g modifiers indicating kilobytes, megabytes, and gigabytes respectively. |
| datasize | size-value | default | |
| files | value | unlimited | |
| stacksize | size-value | default | |
| clean-interval | minutes | 60 | Controls the intervals for
the periodic maintenance tasks of the name server. The clean-interval specifies how frequently the server will remove expired resource records from the cache. The interface-interval specifies how frequently the server will rescan for interfaces in the system. The statistics-interval specifies how frequently the name server will output statistics data. A minutes value of zero indicates that the service task should only run when the configuration file is reread. |
| interface-interval | minutes | 60 | |
| statistics-interval | minutes | 60 | |
| cleandb-time | time | N/A | Specifies a time of day in which the
database will be scanned and any dynamic records whose
set of SIG resource records are all expired will
be removed. For a dynamic zone which has update-security
set to presecured, only the expired SIG KEY
will remain. The default is to never perform this scan. Instead, the expired records will remain until the name is queried. time is specified as HH:MM in a 24-hour format. |
| topology | access-element | localhost; localnets; | Specifies a search order to use to find
a preference in a list of addresses corresponding to a
name server. Whenever a query is forwarded or a query
must be made to another name server, it may be necessary
to choose an address from a list of available addresses.
Each access-element, while seemingly similar to those specified in an acl stanza, is interpretted by its position in the list. The first elements in the list are preferred more than those following them. Negated elements (those specified with the ! (exclamation point) modifier) are considered least desirable. |
server ipaddr
{
[ bogus ( yes | no ); ]
[ transfers value;
]
[ transfer-format ( one-answer |
many-answers ); ]
}
Modifies the behavior in which the remote name server matching the specified ipaddr IP address should be treated.
| Option | Values | Explanation |
|---|---|---|
| bogus | yes no |
Indicates that the name server identified by the stanza should not be used again. The default value is no. |
| transfers | value | Overrides the globally available option transfers-per-ns. Specifies a maximum value for the number of concurrent inbound zone transfers from the foreign name server identified by the stanza. |
| transfer-format | one-answer many-answers |
Overrides the globally available option transfer-format to a specific value for the specified server. The transfer-format option indicates to the name server how to form its outbound full zone transfers. By default, the value is inherited from the options stanza (where it defaults to one-answer). one-answer specifies that only one resource record can be sent per packet during the zone transfer, whereas many-answers indicates to entirely fill the outbound packet with resource records. The many-answers format is only available in the newest revisions of the name server. |
zone domain-string [ class ] {
type ( hint | stub | slave | master );
[ file path-string; ]
[ masters { ipaddr; [...] }; ]
[ check-names ( warn | fail | ignore ); ]
[ allow-update { access-element; [...] }; ]
[ update-security ( unsecured | presecured | controlled ); ]
[ allow-query { access-element; [...] }; ]
[ allow-transfer { access-element; [...] }; ]
[ max-transfer-time-in seconds; ]
[ notify ( yes | no ); ]
[ also-notify { ipaddr; [...] }; ]
[ dont-notify { ipaddr; [...] }; ]
[ notify-delaytime seconds; ]
[ notify-retrytime seconds; ]
[ notify-retrycount value; ]
[ dump-interval seconds; ]
[ incr-interval seconds; ]
[ deferupdcnt value; ]
[ key-xfer ( yes | no ); ]
[ timesync ( yes | no ); ]
[ timesync-xfer ( yes | no ); ]
[ save-backups ( yes | no ); ]
[ ixfr-directory path-string; ]
[ separate-dynamic ( yes | no ); ]
};
The zone stanza is used to define a zone, its type, possible location of data, and operating parameters. The domain-string is a quoted string specifying the zone, where "." is used to specify the root zone. The class paramter specifies the class of the zone as either in, hs, hesiod, or chaos. By default, the class is assumed to be IN.
| Option | Values | Default | Explanation |
|---|---|---|---|
| type | hint stub slave master |
N/A | Defines the type of the zone. hint
zones, previously regarded as cache zones, only describe
a source for information not contained in the other
defined zones. A stub zone is one similar to a slave
zone. While the slave zone replicates the entire
database of its master, the stub zone only
replicates the NS resource records. The master
zone maintains a database on disk. Based upon the selection of zone type, some of the other options are required while others may be impertinent. Zones of type hint and master require the file option, while zones of type slave and stub require the masters option. Additionally, the only other option available to a hint zone is the check-names option. |
| file | path-string | N/A | Specifies the location for the source of data specific to the zone. This parameter is only optional for stub and slave zones, where its inclusion indicates that a locally saved copy of the remote zone can be kept. The path-string parameter is a quoted string which can specify the file name either non-relative or relative to the options stanza's directory. If the path is intended to be specified relative to the server root, the options stanza must be specified before the zone stanza. |
| masters | ipaddr | N/A | Specifies a list of sources that will be referenced for a slave or stub zone to retrieve its data. This option is not valid for any other type of zone, and must be included for either of these two types. |
| check-names | warn fail ignore |
Overrides the check-names option in the global options stanza. The default value is inherited from the options stanza, where its default is fail for master zones and warn for slave zones. | |
| allow-update | access-element | none | Indicates from what source addresses a zone will accept dynamic updates. access-elements are specified in the same manner as they are for the acl stanza. Because of the inherint insecurity of a dynamic update, this value defaults to none. If no update-security is specified, dynamic updates should be limited to a specific set of secured machines. |
| update-security | unsecured presecured controlled |
unsecured | Valid only when the allow-update
option specifies at least one source address, update-security
defines what type of secured update mechanism the zone
will use. The current zone update security method is a
non-standard two-key method, but is compatible with
previous releases of the name server. presecured indicates that a zone will only accept updates for which names and resource records already exist, unless the update is signed by the zone's authorizing key. Normally, this means that the zone must be prepopulated with the names and records it is to maintain. controlled specifies a zone in which names can be added to the database without the signature of the zone's authorizing key, but existing records cannot be modified without being signed by the KEY resource record's corresponding private key. Note that a proper presecured or controlled zone must contain a zone KEY resource record. See the TCP/IP Name Resolution for more information regarding zone update security. |
| allow-query | access-element | Overrides the globally available option allow-query. This option's default is inherited from the global options stanza, where its default is any. | |
| allow-transfer | access-element | Overrides the globally available option allow-transfer. This option's default is inherited from the global options stanza, where its default is any. | |
| max-transfer-time-in | seconds | Overrides the globally available option max-transfer-time-in. This option's default is inherited from the global options stanza, where its default is 120. | |
| notify | yes no |
Overrides the globally available option notify. This option's default is inherited from the global options stanza, where its default is yes. | |
| also-notify | ipaddr | N/A | The default NOTIFY mechanism will notify slave servers of a change in the DOMAIN database in order to limit the amount of time that the slave server retains a zone out of synchronization with the master server. The also-notify option allows for the addition of addresses to submit the notifications. |
| dont-notify | ipaddr | N/A | Specifies a list of IP addresses to be removed from the default list of NOTIFY recipients. This option is useful if a name server is known to be problematic when receiving NOTIFY requests. |
| notify-delaytime | seconds | 30 | Specifies an estimated time of delay
between notifications to multiple name servers. Because
the receipt of a NOTIFY message usually triggers
the prompt request for a zone transfer, this option can
tune to latency in which each server will respond with
the request for the modified zone. The real value used will be randomized between the specified number of seconds and twice this value. |
| notify-retrytime | seconds | 60 | Specifies the number of seconds in which the name server will wait to retransmit a NOTIFY message which has gone unresponded. |
| notify-retrycount | value | 3 | Specifies the maximum number of tries that the name server will attempt to send unanswered NOTIFY messages to other name servers. |
| dump-interval | seconds | 3600 | Specifies an interval in which the name
server will rewrite a dynamic zone to the zone file.
In the interim, all updates and other transactions will
be logged in the transaction log file for performance
reasons. Aside from this periodic zone dump, the
transaction log file is only discarded and the zone is
only dumped when the name server is properly shut down. This option is only valid for zones in which the allow-update option specifies at least one valid accessor. Note: The transaction log file name is the zone file name with an appended ".log" extension. |
| incr-interval | seconds | 300 | Specifies an interval in which the name
server will accept dynamic updates while not increasing
the zone's SOA record's serial level. Because a
change in the zone SOA record will instantiate a
NOTIFY message, limiting this occurrence will
limit the amount of zone transfer requests at the expense
of minimal zone differences between a dynamic master
server and its slave. This option is only valid for zones in which the allow-update option specifies at least one valid accessor. |
| deferupdcnt | value | 100 | Specifies a threshold value for the
number of properly applied updates received during one incr-interval
interval. If more than value updates are realized
during the interval, the name server will modify the zone
SOA serial level and subsequently NOTIFY each of the
slave servers. Use this value to limit the database
replication inconsistencies in an environment where
dynamic zone updates occur infrequently but in large
magnitude. This option is only valid for zones in which the allow-update option specifies at least one valid accessor. |
| key-xfer | yes no |
yes | Specifies whether the server should transmit KEY resource records during a zone transfer. In a very controlled environment where KEY queries will only be made to the master name server, setting this option to no will save zone transfer time and improve performance. |
| timesync | yes no |
yes | Specifies that a name server should calculate the true expiration time of a SIG resource record using its own clock rather than relying on the expiration time set by a possible update source. This removes the inconsistencies involved when dynamic zone updaters have their system clocks misaligned from the name server host. Because enabling this option modifies the output and interpretation of a SIG resource record in a DOMAIN database file, disabling this option may be required when manually transfering a DOMAIN database file to another name server. |
| timesync-xfer | yes no |
yes | Specifies which SIG resource record expiration time will be transfered during a zone transfer. Enabling this option is only valid when the timesync option is enabled. |
| ixfr-directory | path-string | Specifies a directory in which temporary
data files will be contained for use with this zone. The
datafiles contain incremental zone changes and are
essential to the proper use of the Incremental Zone
Transfer (IXFR) method. Because these files are
created and destroyed dynamically by the name server, one
should not specify a globally-writable directory.
Additionally, the directory specified must be unique from
other ixfr-directory options specified in other
zones. The default value for this directory is derived from the zone's file name or domain name. By default, a directory is created in an "ixfrdata" directory within the name server's default directory. Contained in this directory will be subdirectory matching the base name of the zone's file name or domain name. It is not necessary to specify this option for the proper behavior of the IXFR feature. | |
| save-backups | yes no |
no | To properly calculate an incremental
zone difference between server invocations, it is
necessary to determine the zone database differences
prior to the shutdown of the server and after the loading
of the server. By enabling this option, a backup of the
zone file will be written and read upon loading of the
name server to determine any zone differences. While enabling this option is necessary to use the IXFR transfer method after a stop and restart transition of the name server, it is not necessary to realize incremental zone differences when a zone file is modified and signalled to reload via the SRC refresh command or SIGHUP signal. |
| separate-dynamic | yes no |
no | Instructs the name server to retain $INCLUDE references in a dynamic zone when the DOMAIN database file is written to disk. The behavior of this feature implies that resource records that can be modified through the dynamic update mechanism exist in the DOMAIN database file referenced by the file option, while other resource records that should not be modified through the dynamic update mechanism be contained in files included (through the $INCLUDE directive) by the DOMAIN database file. |
The following examples show the some of the various ways to use configure a simple named.conf file. In these examples, two networks are represented: abc and xyz.
Network xyz consists of:
Note: Note that sandy, a gateway host, is on both networks and also serves as a slave name server for both domains.
| /usr/samples/tcpip/named.conf | Contains the sample named.conf file. |
The named daemon.
The syslogd daemon.
The DOMAIN cache file format, DOMAIN local file format, DOMAIN data file format, DOMAIN Reverse data file format, rc.tcpip file format.
Configuring a Primary Name Server and Naming for TCP/IP in &BkSym.sysmgcn;.