named.conf.4 (2010 09)
named.conf(4) named.conf(4)
(BIND 9.3)
presence of the logging category queries.
recursion If yes and a DNS query requests recursion, then the server will attempt to answer the
query. If no and the server does not know the answer, it will return a referral response.
The default is yes.
Note that setting recursion to no does not prevent clients from getting data from the
server’s cache; it only prevents new data from being cached as an effect of client queries.
Caching may still occur as an effect of the server’s internal operation, such as NOTIFY
address lookups.
request-ixfr
Determines whether the local server, acting as a slave, will request incremental zone
transfers from the given remote server, a master. If not set in a server statement, the
value of the request-ixfr option in the view or global options statement is used
as a default.
zone-statistics
If yes, the server will, by default, collect statistical data on all zones in the server.
These statistics may be accessed using the rndc stats command, which will dump
them to the file listed in the statistics-file option.
Access Control Options
Access to the server can be restricted based on the IP address of the requesting system.
allow-notify
Specifies which hosts are allowed to notify slaves of a zone change in addition to the zone
masters. allow-notify may also be specified in the zone statement, in which case it
overrides the options allow-notify statement. It is only meaningful for a slave
zone. If not specified, the default is to process notify messages only from a zone’s master.
allow-query
Specifies which hosts are allowed to ask ordinary questions. allow-query may also be
specified in the zone statement, in which case it overrides the options allow-query
statement. If not specified, the default is to allow queries from all hosts.
allow-recursion
Specifies which hosts are allowed to make recursive queries through this server. If not
specified, the default is to allow recursive queries from all hosts. Note that disallowing
recursive queries for a host does not prevent the host from retrieving data that is already
in the server’s cache.
allow-update-forwarding
Specifies which hosts are allowed to submit Dynamic DNS updates to slave zones to be
forwarded to the master. The default is {none;}, which means that no update forwarding
will be performed. To enable update forwarding, specify
allow-update-forwarding {any;};. Specifying values other than {none;} or {any;} is usually
counterproductive, since the responsibility for update access control should rest with the
master server, not the slaves.
Note that enabling the update forwarding feature on a slave server may expose master
servers relying on insecure IP-address-based access control to attacks.
allow-transfer
Specifies the hosts that are allowed to receive zone transfers from the server.
allow-transfer may also be specified in the zone statement, in which case it overrides the
options allow-transfer statement. If not specified, the default is to allow
transfers from all hosts.
blackhole Specifies a list of addresses that the server will not accept queries from or use to resolve a
query. Queries from these addresses will not be responded to. The default is none.
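Added example (not part of the original manual page): a small Python audit that applies the defaults stated above to the global options statement and reports the exposures they imply. It is an assumption-laden sketch: only the global options block is read, only the literal any and none keywords are interpreted (acl names, view and zone overrides are not resolved), and the function names and sample configurations are constructed for illustration.

```python
import re

# Defaults as stated in the option descriptions above (BIND 9.3).
DEFAULTS = {"recursion": "yes", "allow-query": "any", "allow-recursion": "any",
            "allow-transfer": "any", "allow-update-forwarding": "none"}

def global_options(conf):
    """Return {statement: value tokens} from the global options statement."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # C-style comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # C++ and shell comments
    start = re.search(r"\boptions\s*\{", conf)
    if not start:
        return {}
    found, depth, stmt = {}, 1, ""
    for ch in conf[start.end():]:
        depth += (ch == "{") - (ch == "}")
        if depth == 0:
            break                                       # end of options block
        stmt += ch
        if ch == ";" and depth == 1:                    # end of one statement
            tokens = re.findall(r"[^\s{};]+", stmt)
            if tokens:
                found[tokens[0]] = " ".join(tokens[1:])
            stmt = ""
    return found

def audit(conf):
    """List exposures implied by the effective (explicit or default) settings."""
    eff = dict(DEFAULTS)
    eff.update((k, v) for k, v in global_options(conf).items() if k in eff)
    out = []
    restricted = eff["recursion"] != "yes" or eff["allow-recursion"] != "any"
    if not restricted:
        out.append("recursive queries are accepted from all hosts")
    elif eff["allow-query"] == "any":
        out.append("recursion is limited, but all hosts can still read the cache")
    if eff["allow-transfer"] == "any":
        out.append("zone transfers are allowed to all hosts")
    if eff["allow-update-forwarding"] != "none":
        out.append("update forwarding on: master must not rely on IP-based ACLs")
    return out

# Constructed sample configurations (192.0.2.0/24 is a documentation range).
WEAK = "options { allow-update-forwarding { any; }; };"
HARDENED = ('acl "internal" { 192.0.2.0/24; };\n'
            "options { allow-query { internal; }; allow-recursion { internal; };\n"
            "          allow-transfer { 192.0.2.53; }; };  // constructed slave address\n")
if __name__ == "__main__":
    print({"WEAK": audit(WEAK), "HARDENED": audit(HARDENED)})
```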
Bad UDP Port List Options
avoid-v4-udp-ports, avoid-v6-udp-ports
Specify a list of IPv4 and IPv6 UDP ports that will not be used as system assigned source
ports for UDP sockets. These lists prevent named from choosing as its random source
port a port that is blocked by your firewall. If a query went out with such a source port,
the answer would not get by the firewall and the name server would have to query again.
HP-UX 11i Version 3: September 2010, Hewlett-Packard Company