named.conf.4 (2010 09)

named.conf(4) named.conf(4)
(BIND 9.3)
General Options
directory The working directory of the server. Any nonabsolute path names in the configuration
file will be taken as relative to this directory. The default location for most server output
files (for example, named.run) is this directory. If a directory is not specified, the working
directory defaults to the directory from which the server was started (.). The directory
specified should be an absolute path.
disable-algorithms
Disable the specified DNSSEC algorithms at and below the specified name. Multiple
disable-algorithms statements are allowed. Only the most specific is applied.
dnssec-lookaside
When set, dnssec-lookaside provides the validator with an alternate method to validate
DNSKEY records at the top of a zone. When a DNSKEY is at or below a domain
specified by the deepest dnssec-lookaside, and the normal DNSSEC validation has
left the key untrusted, the trust-anchor will be appended to the key name and a DLV
record will be looked up to see if it can validate the key. If the DLV record validates a
DNSKEY (similar to the way a DS record does it), the DNSKEY RRset is deemed to be
trusted.
dnssec-must-be-secure
Specify hierarchies which must be or may not be secure (signed and validated). If yes,
named will only accept answers if they are secure. If no, normal DNSSEC validation
applies and insecure answers are accepted. The specified domain must be under a
trusted key, or dnssec-lookaside must be active.
dump-file The path name of the file to which the server dumps the database with
rndc dumpdb. The default is named_dump.db.
key-directory
The directory where the public and private key files should be found, if it is not the working
directory. The specified directory must be an absolute path.
memstatistics-file
The path name of the file to which the server writes the memory usage statistics. The
default is named.memstats.
pid-file The path name of the file in which the server writes its process ID. The default path
name is /var/run/named.pid. The pid-file is used by programs that need to
send signals to the running name server.
Specifying pid-file none; disables the use of a PID file; no file is written and any
existing file is removed. Note that none is a keyword, not a file name, and therefore is
not enclosed in quotation marks.
port The UDP/TCP port number the server uses for receiving and sending DNS protocol
traffic. The default is 53. This option is mainly intended for server testing; a server
using a port other than 53 will not be able to communicate with the global DNS.
preferred-glue
If specified, the listed type (A or AAAA) will be emitted before other glue in the additional
section of a query response. The default is not to prefer any type (NONE). ("Glue" is a
record that is created as part of a delegation.)
random-device
The source of entropy (random data) to be used by the server. Entropy is primarily
needed for DNSSEC operations. This option specifies the device (or file) from which to
read entropy. If this is a file, operations requiring entropy will fail when the file has
been exhausted. The default value is /dev/random (or the equivalent) when present,
and none otherwise. The random-device option takes effect during the initial
configuration load at server startup time and is ignored on subsequent reloads.
root-delegation-only
Turn on enforcement of delegation-only in top level domains (TLD) and root zones,
with an optional exclude list.
Note: Some TLDs are not delegation-only (for example, DE, LV, US and MUSEUM).
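
The rules stated above for directory, key-directory, pid-file, port and random-device can be checked mechanically before a configuration is loaded. The following Python audit is an added example, not part of the original manual page or of BIND. The sample options block is constructed, and treating a quoted random-device path outside /dev as a regular file is an assumption of the example.

```python
import re

# Constructed sample (not from the manual page); each line trips one check.
SAMPLE = '''
options {
    directory "named";
    key-directory "keys";
    pid-file "none";
    port 5353;
    random-device "/var/named/seed";
};
'''

# One simple statement per line: name, optional quote, value, semicolon.
STMT = re.compile(r'^[ \t]*([a-z-]+)[ \t]+("?)([^";{}\n]*)\2[ \t]*;', re.M)

def audit_options(conf):
    """Return (option, finding) pairs for rules the manual page states."""
    findings = []
    for name, quote, value in STMT.findall(conf):
        value = value.strip()
        if name == "directory" and not value.startswith("/"):
            findings.append((name, "relative path; should be absolute"))
        elif name == "key-directory" and not value.startswith("/"):
            findings.append((name, "relative path; must be absolute"))
        elif name == "pid-file" and quote and value == "none":
            # Quoted, "none" names a file instead of disabling the PID file.
            findings.append((name, 'quoted "none" is a file name, not the keyword'))
        elif name == "port" and value != "53":
            findings.append((name, "cannot communicate with the global DNS"))
        elif name == "random-device" and quote and not value.startswith("/dev/"):
            # Assumption of this example: a path outside /dev is a regular file.
            findings.append((name, "file source; entropy operations fail once exhausted"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_options(SAMPLE):
        print(f"{option}: {finding}")
```

The parser handles only single-line statements with one value, which covers the options checked here; statements with braces or multiple arguments are skipped.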
12 Hewlett-Packard Company 12 HP-UX 11i Version 3: September 2010