named.conf.4 (2010 09)
named.conf(4) named.conf(4)
(BIND 9.3)
and stub zones, and clamp the SOA refresh and retry times to the specified values.
sig-validity-interval
Specifies the number of days into the future when DNSSEC signatures that were
automatically generated as a result of dynamic updates will expire. The default is 30
days. The maximum is 10 years (3660 days). The signature inception time is
unconditionally set to one hour before the current time to allow for a limited
amount of clock skew.
Zone Transfer Options
BIND has mechanisms in place to facilitate zone transfers and set limits on the amount of load that
transfers place on the system. The following options apply to zone transfers.
also-notify
Defines a global list of IP addresses of name servers that are also sent NOTIFY messages
whenever a fresh copy of the zone is loaded, in addition to the servers listed in the zone’s
NS records. This helps to ensure that copies of the zones will quickly converge on stealth
servers. If an also-notify list is given in a zone statement, it will override the
options also-notify statement. When a zone notify statement is set to no, the
IP addresses in the global also-notify list will not be sent NOTIFY messages for that
zone. The default is the empty list (no global notification list).
alt-transfer-source
An alternate transfer source if the one listed in transfer-source fails and
use-alt-transfer-source is set.
alt-transfer-source-v6
An alternate transfer source if the one listed in transfer-source-v6 fails and
use-alt-transfer-source is set.
max-transfer-idle-in
Inbound zone transfers making no progress in this many minutes will be terminated.
The default is 60 minutes (1 hour). The maximum value is 28 days (40320 minutes).
max-transfer-idle-out
Outbound zone transfers making no progress in this many minutes will be terminated.
The default is 60 minutes (1 hour). The maximum value is 28 days (40320 minutes).
max-transfer-time-in
Inbound zone transfers running longer than this many minutes will be terminated. The
default is 120 minutes (2 hours). The maximum value is 28 days (40320 minutes).
max-transfer-time-out
Outbound zone transfers running longer than this many minutes will be terminated. The
default is 120 minutes (2 hours). The maximum value is 28 days (40320 minutes).
notify-source
Determines which local source address, and optionally UDP port, will be used to send
NOTIFY messages. This address must appear in the slave server’s masters zone
clause or in an allow-notify clause. This statement sets the notify-source for
all zones, but can be overridden on a per-zone or per-view basis by including a
notify-source statement within the zone or view statement in the configuration
file.
notify-source-v6
The same as notify-source, but applies to NOTIFY messages sent to IPv6 addresses.
serial-query-rate
Slave servers will periodically query master servers to find out if zone serial numbers
have changed. Each such query uses a minute amount of the slave server’s network
bandwidth. To limit the amount of bandwidth used, BIND 9.3 limits the rate at which
queries are sent. The value of the serial-query-rate option, an integer, is the
maximum number of queries sent per second. The default is 20.
transfer-format
Zone transfers can be sent using two different formats, one-answer and
many-answers. The transfer-format option is used on the master server to determine
which format it sends. one-answer uses one DNS message per resource record
HP-UX 11i Version 3: September 2010, Hewlett-Packard Company
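
An added example, not part of the HP-UX manual page: a named.conf sketch for a master and one stealth slave, showing how the zone transfer options described above interact. All addresses (192.0.2.x), zone names, file names and timer values are constructed for illustration.

```conf
// ---- master's named.conf (constructed address 192.0.2.1) ----
options {
    // Source address of outgoing NOTIFY messages. Each slave must list
    // this address in its masters clause or in allow-notify.
    notify-source 192.0.2.1;

    // Global list of extra NOTIFY targets beyond the zone's NS records.
    also-notify { 192.0.2.53; };

    // Outbound transfer limits in minutes, set below the 120 and 60
    // minute defaults so a stalled transfer is terminated sooner.
    max-transfer-time-out 30;
    max-transfer-idle-out 10;
};

zone "example.com" {
    type master;
    file "db.example.com";
    // A zone-level list overrides the global also-notify list: for
    // this zone the extra NOTIFY goes to 192.0.2.54 only.
    also-notify { 192.0.2.54; };
};

zone "static.example.com" {
    type master;
    file "db.static.example.com";
    // With notify set to no, the addresses in the global also-notify
    // list are not sent NOTIFY messages for this zone.
    notify no;
};

// ---- stealth slave's named.conf (constructed address 192.0.2.54) ----
options {
    // Inbound transfer limits in minutes (defaults are 120 and 60).
    max-transfer-time-in 30;
    max-transfer-idle-in 10;
    // Maximum serial-number queries sent per second (20 is the default).
    serial-query-rate 20;
};

zone "example.com" {
    type slave;
    file "bak.example.com";
    // Must contain the address the master uses as notify-source.
    masters { 192.0.2.1; };
};
```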