named.conf

The configuration file for the named daemon is named.conf, located in the /etc directory. It uses a flexible syntax similar to C programs. The format enables easy configuration of selected zones, enabling features such as access control lists and categorized logging. The named.conf file consists of BIND configuration statements with attached blocks within which specific options are listed. A configuration statement is followed by arguments and a block that is delimited with braces. Within the block are lines of option and feature entries. Each entry is terminated with a semicolon. Comments can use the C, C++, or Shell/Perl syntax: enclosing /* */, preceding //, or preceding #. The following example shows a zone statement followed by the zone name and a block of options that begin with an opening brace, {. Each option entry ends with a semicolon. The entire block ends with a closing brace, also followed by a semicolon. The format for a named.conf entry is shown here, along with the different kinds of comments allowed. Tables 35-5, 35-6, and 35-7 list several commonly used statements and options.

// comments
/* comments */
# comments
   
statements {
 options and features; //comments
};

The following example shows a simple caching server entry:

// a caching only nameserver config
//
zone "." {
       type hint;
       file "named.ca";
       };

Note

The named.conf file is a new feature implemented with BIND version 8.x and 9.x. The older BIND 4.x versions use a file called named.boot. This file is no longer used by version 8.x. The syntaxes used in these configuration files differ radically. If you upgrade to 8.x, you can use the named-bootconf.pl Perl script provided with the BIND software to convert your named.boot file to a named.conf file.

zone Statement

The zone statement is used to specify the domains the name server will service. You enter the keyword zone, followed by the name of the domain placed within double quotes. Do not place a period at the end of the domain name. In the following example, a period is within the domain name, but not at the end, "mytrek.com"; this differs from the zone file, which requires a period at the end of a complete domain name.

After the zone name, you can specify the class in, which stands for Internet. You can also leave it out, in which case in is assumed (there are only a few other esoteric classes that are rarely used). Within the zone block, you can place several options (see Table 34-6 later in this chapter). Two essential options are type and file. The type option is used to specify the zone's type. The file option is used to specify the name of the zone file to be used for this zone. You can choose from several types of zones: master, slave, stub, forward, and hint. Master specifies that the zone holds master information and is authorized to act on it. A master server was called a primary server in the older 4.x BIND configuration. Slave indicates that the zone needs to update its data periodically from a specified master name server. You use this entry if your name server is operating as a secondary server for another primary (master) DNS server. A stub zone copies only other name server entries, instead of the entire zone. A forward zone directs all queries to name servers specified in a forwarders statement. A hint zone specifies the set of root name servers used by all Internet DNS servers. You can also specify several options that can override any global options set with the options statement. Table 34-4 lists the BIND zone types. The following example shows a simple zone statement for the mytrek.com domain. Its class is Internet (in) and its type is master. The name of its zone file is usually the same as the zone name, in this case, "mytrek.com."

Table 34-4: DNS BIND Zone Types
Type	Description
master	Primary DNS zone
slave	Slave DNS server; controlled by a master DNS server
hint	Set of root DNS Internet servers
forward	Forwards any queries in it to other servers
stub	Like a slave zone, but holds only names of DNS servers

zone "mytrek.com" in {
       type master;
       file "mytrek.com";
       };

Configuration Statements

Other statements, such as acl, server, options, and logging, enable you to configure different features for your name server (see Table 34-5). The server statement defines the characteristics to be associated with a remote name server, such as the transfer method and key ID for transaction security. The control statement defines special control channels. The key statement defines a key ID to be used in a server statement that associates an authentication method with a particular name server (see "DNSSEC" later in this chapter). The logging statement is used to configure logging options for the name server, such as the maximum size of the log file and a severity level for messages. Table 34-5 lists the BIND statements. The sortlists statement lets you specify preferences to be used when a query returns multiple responses. For example, you could give preference to your localhost network or to a private local network such a 192.168.0.0.

Table 34-5: BIND Configuration Statements
Statements	Description
/* comment */	BIND comment in C syntax.
// comment	BIND comment in C++ syntax.
# comment	BIND comment in Unix shell and Perl syntax.
acl	Defines a named IP address matching list.
include	Includes a file, interpreting it as part of the named.conf file.
key	Specifies key information for use in authentication and authorization.
logging	Specifies what the server logs and where the log messages are sent.
options	Global server configuration options and defaults for other statements.
controls	Declares control channels to be used by the ndc utility.
server	Sets certain configuration options for the specified server basis.
sortlists	Gives preference to specified networks according to a queries source.
trusted-keys	Defines DNSSEC keys preconfigured into the server and implicitly trusted.
zone	Defines a zone.
view	Defines a view.

Table 34-6: Zone Options
Options	Description
type	Specifies a zone type.
file	Specifies the zone file for the zone.
directory	Specifies a directory for zone files.
forwarders	Lists hosts for DNS servers where requests are to be forwarded.
masters	Lists hosts for DNS master servers for a slave server.
notify	Allows master servers to notify their slave servers when the master zone data changes and updates are needed.
allow-transfer	Specifies which hosts are allowed to receive zone transfers.
allow-query	Specifies hosts that are allowed to make queries.
allow-recursion	Specifies hosts that are allowed to perform recursive queries on the server.