The configuration file for the named daemon is named.conf, located in the /etc directory. It uses a flexible syntax similar to C programs. The format enables easy configuration of selected zones, enabling features such as access control lists and categorized logging. The named.conf file consists of BIND configuration statements with attached blocks within which specific options are listed. A configuration statement is followed by arguments and a block that is delimited with braces. Within the block are lines of option and feature entries. Each entry is terminated with a semicolon. Comments can use the C, C++, or Shell/Perl syntax: enclosing /* */, preceding //, or preceding #. The following example shows a zone statement followed by the zone name and a block of options that begin with an opening brace, {. Each option entry ends with a semicolon. The entire block ends with a closing brace, also followed by a semicolon. The format for a named.conf entry is shown here, along with the different kinds of comments allowed. Tables 35-5, 35-6, and 35-7 list several commonly used statements and options.
```
// comments
/* comments */
# comments
statements {
    options and features; //comments
};
```
The following example shows a simple caching server entry:
```
//
// a caching only nameserver config
//
zone "." {
    type hint;
    file "named.ca";
};
```

Note: The named.conf file is a new feature implemented with BIND version 8.x and 9.x. The older BIND 4.x versions use a file called named.boot. This file is no longer used by version 8.x. The syntaxes used in these configuration files differ radically. If you upgrade to 8.x, you can use the named-bootconf.pl Perl script provided with the BIND software to convert your named.boot file to a named.conf file.
The zone statement is used to specify the domains the name server will service. You enter the keyword zone, followed by the name of the domain placed within double quotes. Do not place a period at the end of the domain name. In the following example, a period is within the domain name, but not at the end, "mytrek.com"; this differs from the zone file, which requires a period at the end of a complete domain name.
After the zone name, you can specify the class in, which stands for Internet. You can also leave it out, in which case in is assumed (there are only a few other esoteric classes that are rarely used). Within the zone block, you can place several options (see Table 34-6 later in this chapter). Two essential options are type and file. The type option is used to specify the zone's type. The file option is used to specify the name of the zone file to be used for this zone. You can choose from several types of zones: master, slave, stub, forward, and hint. Master specifies that the zone holds master information and is authorized to act on it. A master server was called a primary server in the older 4.x BIND configuration. Slave indicates that the zone needs to update its data periodically from a specified master name server. You use this entry if your name server is operating as a secondary server for another primary (master) DNS server. A stub zone copies only other name server entries, instead of the entire zone. A forward zone directs all queries to name servers specified in a forwarders statement. A hint zone specifies the set of root name servers used by all Internet DNS servers. You can also specify several options that can override any global options set with the options statement. Table 34-4 lists the BIND zone types. The following example shows a simple zone statement for the mytrek.com domain. Its class is Internet (in) and its type is master. The name of its zone file is usually the same as the zone name, in this case, "mytrek.com".
| Type | Description |
|---|---|
| master | Primary DNS zone |
| slave | Slave DNS server; controlled by a master DNS server |
| hint | Set of root DNS Internet servers |
| forward | Forwards any queries in it to other servers |
| stub | Like a slave zone, but holds only names of DNS servers |

```
zone "mytrek.com" in {
    type master;
    file "mytrek.com";
};
```
Other statements, such as acl, server, options, and logging, enable you to configure different features for your name server (see Table 34-5). The server statement defines the characteristics to be associated with a remote name server, such as the transfer method and key ID for transaction security. The controls statement defines special control channels. The key statement defines a key ID to be used in a server statement that associates an authentication method with a particular name server (see "DNSSEC" later in this chapter). The logging statement is used to configure logging options for the name server, such as the maximum size of the log file and a severity level for messages. Table 34-5 lists the BIND statements. The sortlists statement lets you specify preferences to be used when a query returns multiple responses. For example, you could give preference to your localhost network or to a private local network such as 192.168.0.0.
| Statements | Description |
|---|---|
| /* comment */ | BIND comment in C syntax. |
| // comment | BIND comment in C++ syntax. |
| # comment | BIND comment in Unix shell and Perl syntax. |
| acl | Defines a named IP address matching list. |
| include | Includes a file, interpreting it as part of the named.conf file. |
| key | Specifies key information for use in authentication and authorization. |
| logging | Specifies what the server logs and where the log messages are sent. |
| options | Global server configuration options and defaults for other statements. |
| controls | Declares control channels to be used by the ndc utility. |
| server | Sets certain configuration options on a per-server basis. |
| sortlists | Gives preference to specified networks according to a query's source. |
| trusted-keys | Defines DNSSEC keys preconfigured into the server and implicitly trusted. |
| zone | Defines a zone. |
| view | Defines a view. |
| Options | Description |
|---|---|
| type | Specifies a zone type. |
| file | Specifies the zone file for the zone. |
| directory | Specifies a directory for zone files. |
| forwarders | Lists hosts for DNS servers where requests are to be forwarded. |
| masters | Lists hosts for DNS master servers for a slave server. |
| notify | Allows master servers to notify their slave servers when the master zone data changes and updates are needed. |
| allow-transfer | Specifies which hosts are allowed to receive zone transfers. |
| allow-query | Specifies hosts that are allowed to make queries. |
| allow-recursion | Specifies hosts that are allowed to perform recursive queries on the server. |
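The syntax rules above (three comment styles, brace-delimited blocks, semicolon-terminated entries) are enough to review a named.conf mechanically. The following Python sketch is an added example, not code from the book or from BIND: it strips comments, walks the top-level statements, and reports zones that break the no-trailing-period rule, lack a type, or are master zones with no allow-transfer at zone or options level. The function names, the sample configuration, and the choice of checks are assumptions of this example.

```python
import re

# Constructed sample (not from the page); uses all three comment styles.
SAMPLE = '''
options { directory "/var/named"; };       # global options
zone "." { type hint; file "named.ca"; };  /* root hints */
zone "mytrek.com" in {
    type master; file "mytrek.com";        // primary zone
    allow-transfer { 192.168.0.2; };
};
zone "example.test." { type master; file "example.test"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments; quoted strings match first and are kept."""
    pat = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pat, lambda m: m[0] if m[0][0] == '"' else ' ', text, flags=re.S)

def statements(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    depth, head_start = 0, 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, body_start = text[head_start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ';' and depth == 0:
            head_start = i + 1   # next statement header starts after this entry

def audit_zones(conf):
    """Return (zone, finding) pairs; the checks are this example's assumptions."""
    stmts = list(statements(strip_comments(conf)))
    global_xfer = any(h == 'options' and 'allow-transfer' in b for h, b in stmts)
    findings = []
    for header, body in stmts:
        m = re.match(r'zone\s+"([^"]*)"', header)
        if not m:
            continue
        name, ztype = m.group(1), re.search(r'\btype\s+(\w+)\s*;', body)
        if name != '.' and name.endswith('.'):
            findings.append((name, 'zone name ends with a period'))
        if ztype is None:
            findings.append((name, 'no type option'))
        elif ztype.group(1) == 'master' and not global_xfer and 'allow-transfer' not in body:
            findings.append((name, 'master zone with no allow-transfer'))
    return findings
```

Calling `audit_zones(SAMPLE)` returns two findings, both for the constructed zone "example.test."; braces inside quoted strings are not handled.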