named.conf.4 (2010 09)
n
named.conf(4) named.conf(4)
(BIND 9.3)
by having 1.2.3.13 blocked by the negation but all other 1.2.3.* hosts fall through.
Comment Syntax
Comments in the BIND 9.3 configuration file can be written in the following styles:
C:
/* comment */
C++: // to end of line
UNIX:
# to end of line
Note: Unlike a zone file, you cannot use a semicolon (
;) character to start a comment in the BIND 9.3
configuration file. The semicolon indicates the end of a configuration statement.
CONFIGURATION FILE GRAMMAR
A BIND 9.3 configuration file consists of statements and comments. Statements end with a semicolon.
Statements and comments are the only elements that can appear without enclosing braces. Many state-
ments contain a block of substatements, which is terminated with a semicolon. The following statements
are supported:
acl Defines a named IP address matching list, for access control and other uses.
controls Declares control channels to be used by the
rndc utility.
include Includes a file.
key Specifies key information for use in authentication and authorization using TSIG.
logging Specifies what data the server logs, and where the log messages are sent.
lwres Configures the name server to also act as a lightweight resolver server.
masters Defines a masters list for inclusion in masters clauses of stub and slave
zone state-
ments
options Controls global server configuration options and sets defaults for other statements.
server Sets certain configuration options on a per-server basis.
trusted-keys
Defines trusted DNSSEC keys.
view Defines a view.
zone Defines a zone.
The
logging and options statements may occur only once per configuration.
The acl Statement
acl Statement Grammar
acl acl-name {
address_match_list
};
acl Statement Definition and Usage
The
acl statement assigns a symbolic name to an address match list. It gets its name from the primary
use of address match lists for Access Control Lists (ACLs). Note that an address match list’s name must
be defined with acl before it can be used elsewhere; no forward references are allowed. The following
ACL names are built-in:
any Matches all hosts.
none Matches no hosts.
localhost Matches the IPv4 addresses of all network interfaces on the system.
localnets Matches any host on an IPv4 network for which the system has an interface.
The
localhost and localnets ACLs do not currently support IPv6 (that is, localhost does not
match the host’s IPv6 addresses, and localnets does not match the host’s attached IPv6 networks) due
to the lack of a standard method of determining the complete set of local IPv6 addresses for a host.
HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3