The options statement defines global options and can be used only once in the configuration file. An extensive number of options cover such components as forwarding, name checking, directory path names, access control, and zone transfers, among others (see Table 34-7). A complete listing can be found in the BIND documentation.
Options | Description
---|---
sortlist | Gives preference to specified networks according to a query's source address.
directory | Specifies the directory that holds the zone files.
forwarders | Lists the DNS servers to which unresolved requests are forwarded.
allow-transfer | Specifies which hosts are allowed to receive zone transfers.
allow-query | Specifies which hosts are allowed to make queries.
allow-recursion | Specifies which hosts are allowed to perform recursive queries on the server.
notify | Allows master servers to notify their slave servers when the master zone data changes and updates are needed.
blackhole | Specifies hosts that receive no response at all, rather than the denial response allow-query would return.
A critically important option found in most configuration files is the directory option, which holds the location of the name server's zone and cache files on your system. The following example is taken from the Red Hat /etc/named.conf file. It specifies that the zone files are located in the /var/named directory. In this directory, you can find your zone files, including those used for your local system.

    options {
        directory "/var/named";
        forwarders { 192.168.0.34; 192.168.0.47; };
    };
Another commonly used global option is the forwarders option. With the forwarders option, you can list several DNS servers to which queries can be forwarded if they cannot be resolved by the local DNS server. This is helpful for local networks that may need to use a DNS server connected to the Internet. The forwarders option can also be placed in forward zone entries.
With the notify option turned on, the master zone DNS servers send messages to any slave DNS servers whenever their configuration has changed. The slave servers can then perform zone transfers in which they download the changed configuration files. Slave servers always use the DNS configuration files copied from their master DNS servers. notify takes one argument, yes or no, where yes is the default. With the no argument, you can have the master server not send out any messages to the slave servers, in effect preventing any zone transfers.
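The options described above (directory, forwarders, notify and the allow-* access controls) can be checked mechanically. The following Python script is an added example, not code from the book or from BIND: it parses a file containing a single options statement in the flat form shown on this page and reports which access-control options are absent or open to any host. The two configurations it is run on are constructed for the example; the hardened one uses hypothetical addresses for the local network and the two secondaries.

```python
"""Audit the access-control options of a named.conf options statement.

Added example, not from the book or from BIND. It understands only the
flat 'name value;' and 'name { a; b; };' entries used in the options
blocks on this page, and expects a single options statement in the text.
"""
import re

# Constructed sample: the minimal options block from the page, which
# sets only 'directory' and 'forwarders' and leaves access control open.
OPEN_OPTIONS = """
options {
    directory "/var/named";
    forwarders { 192.168.0.34; 192.168.0.47; };
};
"""

# Constructed hardened counterpart (addresses are hypothetical): queries
# and recursion limited to the local network, zone transfers limited to
# the two secondaries, notify left on so the secondaries learn of changes.
HARDENED_OPTIONS = """
options {
    directory "/var/named";
    forwarders { 192.168.0.34; 192.168.0.47; };
    allow-query { 192.168.0.0/24; 127.0.0.1; };
    allow-recursion { 192.168.0.0/24; 127.0.0.1; };
    allow-transfer { 192.168.0.2; 192.168.0.3; };
    notify yes;
};
"""

_BLOCK_RE = re.compile(r"options\s*\{(.*)\}\s*;", re.S)
_ENTRY_RE = re.compile(r"([\w-]+)\s+(\{[^}]*\}|[^;{]+);")


def parse_options(text):
    """Return {option: value} for the options statement in text.

    List-valued entries ('forwarders', 'allow-*') become Python lists;
    scalar entries keep their string value with surrounding quotes removed.
    """
    m = _BLOCK_RE.search(text)
    if not m:
        raise ValueError("no options statement found")
    result = {}
    for name, value in _ENTRY_RE.findall(m.group(1)):
        value = value.strip()
        if value.startswith("{"):
            result[name] = [v.strip() for v in value[1:-1].split(";") if v.strip()]
        else:
            result[name] = value.strip('"')
    return result


def audit_options(text):
    """Return a list of findings for access-control options that are
    absent (so BIND's defaults apply) or left open to any host.
    An empty list means nothing was flagged."""
    opts = parse_options(text)
    findings = []
    for name in ("allow-query", "allow-recursion", "allow-transfer"):
        value = opts.get(name)
        if value is None:
            findings.append(f"{name} not set (server default applies)")
        elif "any" in value:
            findings.append(f"{name} allows any host")
    if opts.get("notify") == "no":
        findings.append("notify no: slave servers are not told about zone changes")
    return findings


if __name__ == "__main__":
    for label, cfg in (("open", OPEN_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(label, audit_options(cfg) or "no findings")
```

Run against the page's own options block the audit reports all three allow-* options as unset; the hardened block produces no findings. The parser is deliberately narrow: nested statements such as logging or zone blocks are outside what it handles.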
The following example is a simple named.conf file based on the example provided in the BIND documentation. This example shows samples of several of the configuration statements. The file begins with comments using C++ syntax, //. The options statement has a directory entry that sets the directory for the zone and cache files to /var/named. Here, you find your zone files, such as named.local and reverse mapping files, along with the cache file, named.ca. The first zone statement (.) defines a hint zone specifying the root name servers. The cache file listing these servers is named.ca. The second zone statement defines a zone for the mytrek.com domain. Its type is master, and its zone file is named "mytrek.com." The next zone is used for reverse IP mapping of the previous zone. Its name is made up of a reverse listing of the mytrek.com domain's IP address with the term IN-ADDR.ARPA appended. The domain address for mytrek.com is 192.168.0, so the reverse is 1.168.192. The IN-ADDR.ARPA domain is a special domain that supports gateway location and Internet address–to–host mapping. The last zone statement defines a reverse mapping zone for the loopback interface, the method used by the system to address itself and enable communication between local users on the system. The zone file used for this local zone is named.local.
    //
    // A simple BIND 9 configuration
    //
    logging {
        category cname { null; };
    };
    options {
        directory "/var/named";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    zone "mytrek.com" {
        type master;
        file "mytrek.com";
    };
    zone "1.168.192.IN-ADDR.ARPA" {
        type master;
        file "192.168.0";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "named.local";
    };
The IPv6 version of the preceding named.conf file appears much the same, except that the IN-ADDR.ARPA domain is replaced by the IP6.ARPA domain in the reverse zone entries (IP6.INT is an older, deprecated version). IP6.ARPA uses bit labels, which give a bit-level specification of the address. This is simply the full hexadecimal address, including zeros, without intervening colons. You need an IP6.ARPA reverse zone for the IPv6 address of both the mytrek.com domain and the localhost domain. The IPv6 address for the localhost domain is 0000000000000001, a special reserved address. IP6.INT is an older version of IP6.ARPA that uses a nibble format for reverse addresses (discussed later).

    //
    // A simple BIND 9 configuration
    //
    logging {
        category cname { null; };
    };
    options {
        directory "/var/named";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    zone "mytrek.com" {
        type master;
        file "mytrek.com";
    };
    zone "\[xFEC0000000000000/64].IP6.ARPA" {
        type master;
        file "fec.ip6.arpa";
    };
    zone "\[x00000000000000000000000000000001/128].IP6.ARPA" {
        type master;
        file "named.local";
    };
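Reverse zone names are easy to get wrong by hand, so the following Python script, an added example that is not from the book or from BIND, derives them from a network prefix: the octet-reversed IN-ADDR.ARPA name used in the IPv4 file, the bit-label IP6.ARPA form shown in the IPv6 file above, and the nibble-format IP6.ARPA name that the text mentions and that current servers expect (bit-string labels were deprecated by RFC 3363). The networks fed to it are taken from the page's examples; the zone_statement helper and its file names are the example's own.

```python
"""Derive reverse-mapping zone names from network prefixes.

Added example, not from the book or from BIND. Uses only the standard
ipaddress module.
"""
import ipaddress


def ipv4_reverse_zone(network):
    """IN-ADDR.ARPA zone name for an IPv4 network whose prefix length is a
    whole number of octets, e.g. '127.0.0.0/24' -> '0.0.127.IN-ADDR.ARPA'."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen % 8:
        raise ValueError("prefix length must be a multiple of 8 bits")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".IN-ADDR.ARPA"


def ipv6_nibble_reverse_zone(network):
    """Nibble-format IP6.ARPA zone name (one hex digit per label, least
    significant first) for an IPv6 network whose prefix length is a
    multiple of 4 bits, e.g. 'fec0::/64' -> '0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.IP6.ARPA'."""
    net = ipaddress.IPv6Network(network)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4 bits")
    hexaddr = net.network_address.exploded.replace(":", "")  # 32 nibbles
    nibbles = hexaddr[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".IP6.ARPA"


def ipv6_bitlabel_reverse_zone(network):
    """Bit-label IP6.ARPA zone name as written in the page's IPv6 example:
    the hexadecimal address without colons, truncated to whole nibbles,
    followed by the prefix length, e.g. 'fec0::/64' ->
    '\\[xFEC0000000000000/64].IP6.ARPA'. Deprecated form (RFC 3363)."""
    net = ipaddress.IPv6Network(network)
    hexaddr = net.network_address.exploded.replace(":", "").upper()
    nibbles = hexaddr[: (net.prefixlen + 3) // 4]
    return "\\[x%s/%d].IP6.ARPA" % (nibbles, net.prefixlen)


def zone_statement(name, filename):
    """Render a master zone statement for named.conf (hypothetical helper)."""
    return 'zone "%s" {\n    type master;\n    file "%s";\n};' % (name, filename)


if __name__ == "__main__":
    # Networks from the page's examples; file names are the example's own.
    print(zone_statement(ipv4_reverse_zone("127.0.0.0/24"), "named.local"))
    print(zone_statement(ipv6_bitlabel_reverse_zone("fec0::/64"), "fec.ip6.arpa"))
    print(zone_statement(ipv6_nibble_reverse_zone("fec0::/64"), "fec.ip6.arpa"))
    print(zone_statement(ipv6_nibble_reverse_zone("::1/128"), "named.local"))
```

The loopback and fec0::/64 results reproduce the zone names in the two configuration files above, and the nibble form is what you would put in a current named.conf in place of the bit-label form.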
When BIND is initially installed, it creates a default configuration for what is known as a caching-only server. A caching-only server saves the answers to the queries it resolves in a cache, so that repeated queries can be answered from the cache. This can save DNS lookup response time. The cache is held in memory and lasts only as long as named runs. The following example is the named.conf file initially installed for a caching-only server. Only the local and cache zones are defined.