named.conf.4 (2010 09)

n
named.conf(4) named.conf(4)
(BIND 9.3)
options {
root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
};
statistics-file
The path name of the file in which the server appends statistics using
rndc stats.
The default is
named.stats in the server’s current directory. The file format is
described in The Statistics File section.
tkey-dhkey The Diffie-Hellman key used by the server to generate shared keys with clients using the
Diffie-Hellman mode of TKEY. The server must be able to load the public and private
keys from files in the working directory. In most cases, the key_name should be the
server’s host name. The key_tag is an integer that is part of the key.
tkey-domain
The domain appended to the names of all shared keys generated with TKEY. When a
client requests a TKEY exchange, it can specify a preferred name for the key. If the
name is present, the name of the shared key will be client_speci fied_part
+tkey_domain.
Otherwise, the name of the shared key will be random_hex_digits+tkey-domain. In most
cases, the domain name should be the server’s domain name.
Boolean Options
additional-from-auth
, additional-from-cache
These options control the behavior of an authoritative server when answering queries
which have additional data, or when following CNAME and DNAME chains.
When both of these options are set to
yes (the default) and a query is being answered
from authoritative data (a zone configured into the server), the additional data section of
the reply will be filled in using data from other authoritative zones and from the cache.
In some situations this is undesirable, such as when there is concern over the correctness
of the cache, or in servers where slave zones may be added and modified by untrusted
third parties. Also, avoiding the search for this additional data will speed up server
operations at the possible expense of additional queries to resolve what would otherwise
be provided in the additional section.
For example, if a query asks for an
MX record for host foo.example.com
, and the
record found is
MX 10 mail.example.net
, normally the address records (A, A6, and
AAAA) for mail.example.net
will be provided as well, if known. Set these options to
no to disable this behavior.
These options are intended for use in authoritative-only servers, or in authoritative-only
views. Attempts to set them to
no without also specifying recursion no will cause
the server to ignore the options and log a warning message.
Specifying
additional-from-cache no
actually disables the use of the cache not
only for additional data lookups but also when looking up the answer. This is usually the
desired behavior in an authoritative-only server where the correctness of the cached data
is an issue.
When a name server is nonrecursively queried for a name that is not below the apex of
any served zone, it normally answers with an "upwards referral" to the root servers or the
servers of some other known parent of the query name. Since the data in an upwards
referral comes from the cache, the server will not be able to provide upwards referrals
when
additional-from-cache no has been specified. Instead, it will respond to
such queries with REFUSED. This should not cause any problems since upwards refer-
rals are not required for the resolution process.
auth-nxdomain
If yes, then the AA bit is always set on NXDOMAIN responses, even if the server is not
actually authoritative. The default is no. If you are using an old version of BIND, you
might need to set this option to yes.
check-names
Restrict the character set and syntax of certain domain names in master files and/or DNS
responses received from the network. The default varies according to usage area. For
master zones, the default is fail. For slave zones, the default is warn. For answers
received from the network (response), the default is ignore.
HP-UX 11i Version 3: September 2010 13 Hewlett-Packard Company 13