HP-UX IP Address and Client Management Administrator's Guide HP-UX 11i v2, HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software

Table 1-11 Periodic Task Interval Options

DescriptionOption

This option specifies (in minutes) how frequently the server removes the

expired resource records from the cache. The default value is 60 minutes. If

cleaning-interval is set to 0, periodic cleaning does not occur.

cleaning-interval number;

This option specifies how frequently the server scans the network interface

list (in minutes). If this option is set to 0, interface scanning occurs only when

the configuration file is loaded. After the scan, listeners are started on any

new interface (provided they are allowed by the listen-on configuration).

Listeners on interfaces that have expired are removed.

interface-interval number;

This option specifies how frequently the name server statistics are logged.

The default value is 60. If this option is set to 0, statistics are not logged.

statistics-interval number;

Tuning Options

Table 1-12 describes the tuning options.

Table 1-12 Tuning Options

DescriptionOption

This option sets the maximum time for which the server caches ordinary answers.

The default value is 1 week.

max-cache-ttl

The server stores negative answers to reduce network traffic and to increase

performance. max-ncache-ttl sets a maximum retention time (in seconds) for

these answers in the server.

max-ncache-ttl

This option specifies the number of days after which DNSSEC signatures that are

automatically generated due to dynamic updates expire. The default value is 30

days.

sig-validity- interval

This option sets the advertised Extended DNS (EDNS) UDP buffer size in bytes.

The valid values range from 512 to 4096 bytes (values outside this range are silently

adjusted). The default value is 4096.

edns-udp-size

DNSSEC Options

Section describes the DNSSEC options in the options statement in the /etc/named.conf file.

Table 1-13 DNSSEC Options

DescriptionOption

Enables or disables DNSSEC support. If this option is set

to yes, named supports the DNSSEC feature. By default,

the DNSSEC feature is not enabled.

dnssec-enable yes_or_no;

Provides the validation with an alternate method to

validate DNSKEY records at the top of a zone.

dnssec-lookaside domain trust-anchor

domain;

Specifies hierarchies that might be secure (signed and

validated). If this option is set to yes, named only accepts

answers if they are secure. If this option is set to no,

named applies the standard DNSSEC validation.

dnssec-must-be-secure domain yes_or_no;

Disables the specified DNSSEC algorithms at and below

the specified name. Multiple disable-algorithms

statements are allowed, but only the most specific is

applied.

disable-algorithms domain { algorithm; [

algorithm; ] };

Specifies the number of days until which DNSSEC

signatures automatically generated as a result of dynamic

updates expire. The default value is 30 days. The

maximum value is 3660 days (10 years).

sig-validity-interval number;

BIND Name Service Overview 37