HP-UX IP Address and Client Management Administrator's Guide (October 2009)
DNSSEC Options
This section describes the DNSSEC options in the options statement in the /etc/named.conf file.
Table 1-13 DNSSEC Options

Option: dnssec-enable yes_or_no;
Description: Enables or disables DNSSEC support. If this option is set to yes, named supports the DNSSEC feature. By default, the DNSSEC feature is not enabled.

Option: dnssec-lookaside domain trust-anchor domain;
Description: Provides the validator with an alternate method to validate DNSKEY records at the top of a zone.

Option: dnssec-must-be-secure domain yes_or_no;
Description: Specifies hierarchies that might be secure (signed and validated). If this option is set to yes, named only accepts answers if they are secure. If this option is set to no, named applies the standard DNSSEC validation.

Option: disable-algorithms domain { algorithm; [ algorithm; ] };
Description: Disables the specified DNSSEC algorithms at and below the specified name. Multiple disable-algorithms statements are allowed, but only the most specific is applied.

Option: sig-validity-interval number;
Description: Specifies the number of days after which DNSSEC signatures that are automatically generated as a result of dynamic updates expire. The default value is 30 days. The maximum value is 3660 days (10 years).
Server Information Zone Options
Table 1-14 describes the server information zone options in the /etc/named.conf file.
Table 1-14 Server Information Zone Options

Option: hostname hostname_string;
Description: Specifies the host name that the server reports in response to a hostname.bind query with type TXT and class CHAOS. This option defaults to the host name of the system that hosts the name server.

Option: server-id server_id_string;
Description: Specifies the server ID that the server reports in response to an ID.SERVER query with type TXT and class CHAOS. The default value of this option is none.

Option: version version_string;
Description: Specifies the version that the server reports in response to a version.bind query with type TXT and class CHAOS. The default value is the real version number of the server.
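The following sketch is an added example, not part of the HP guide: it reads the options statement of a named.conf and reports settings that fall back to the defaults or exceed the limits listed in Tables 1-13 and 1-14. The sample configuration, the function names, and the wording of the findings are assumptions made for illustration.

```python
import re

# Constructed sample options block; values are illustrative, not from the guide.
SAMPLE = """
options {
    directory "/var/named";
    dnssec-enable no;
    sig-validity-interval 4000;
    avoid-v4-udp-ports { 1024; 2049; };
    hostname "ns1.example.com";
};
"""

def parse_options(conf):
    """Return {option: value} for the top-level statements of the options block.
    Simplifications: comment markers inside quoted strings are not handled, and
    a repeated statement (e.g. disable-algorithms) keeps only its last value."""
    conf = re.sub(r"/\*.*?\*/|(?:#|//)[^\n]*", "", conf, flags=re.S)
    start = re.search(r"\boptions\s*\{", conf).end()
    opts, depth, stmt = {}, 0, ""
    for ch in conf[start:]:
        if ch == "}" and depth == 0:      # closing brace of the options block
            break
        depth += (ch == "{") - (ch == "}")
        if ch == ";" and depth == 0:      # end of one top-level statement
            parts = stmt.strip().split(None, 1)
            if parts:
                opts[parts[0]] = parts[1] if len(parts) > 1 else ""
            stmt = ""
        else:
            stmt += ch
    return opts

def audit(conf):
    """Return (option, finding) pairs based on the defaults and limits in the tables."""
    o, findings = parse_options(conf), []
    if o.get("dnssec-enable") != "yes":
        findings.append(("dnssec-enable", "DNSSEC support is off (the default)"))
    days = o.get("sig-validity-interval", "30")   # 30 days is the documented default
    if not days.isdigit() or int(days) > 3660:
        findings.append(("sig-validity-interval", f"{days!r} is not a day count within the 3660-day maximum"))
    if "version" not in o:
        findings.append(("version", "version.bind reports the real version number"))
    if "hostname" not in o:
        findings.append(("hostname", "hostname.bind reports the system host name"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(SAMPLE):
        print(f"{option}: {finding}")
```
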
Bad UDP Port List Options
This section describes the bad UDP port list options.
Table 1-15 Bad UDP Port List Options

Option: avoid-v4-udp-ports { port_list };
        avoid-v6-udp-ports { port_list };
Description: Specifies a list of IPv4 and IPv6 UDP ports that are not used as system-assigned source ports for UDP sockets. These lists prevent named from choosing a port that is blocked by a firewall as the random source port. If a query is sent from a source port that is blocked by the firewall, the response does not get through the firewall and the name server must query again.
Query Address Options
Table 1-16 describes the query address options.