HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)
named.conf(4) named.conf(4)
Forwarding can also be configured on a per-domain basis, allowing for the global forwarding options to be
overridden in a variety of ways. You can set a particular domain to use different forwarders, or have a
different forward only/first behavior, or not forward at all.
Access Control
Access to the server can be restricted based on the IP address of the requesting system.
allow-notify
Specifies which hosts are allowed to notify slaves of a zone change in addition to the zone
masters. allow-notify may also be specified in the zone statement, in which case it
overrides the options allow-notify statement. It is only meaningful for a slave zone.
If not specified, the default is to process notify messages only from a zone’s master.
allow-query
Specifies which hosts are allowed to ask ordinary questions. allow-query may also
be specified in the zone statement, in which case it overrides the options allow-query
statement. If not specified, the default is to allow queries from all hosts.
allow-recursion
Specifies which hosts are allowed to make recursive queries through this server. If not
specified, the default is to allow recursive queries from all hosts. Note that disallowing
recursive queries for a host does not prevent the host from retrieving data that is already
in the server’s cache.
allow-v6-synthesis
Specifies the hosts which need to receive synthetic responses to IPv6 queries. See below
for more details.
allow-transfer
Specifies the hosts which are allowed to receive zone transfers from the server.
allow-transfer may also be specified in the zone statement, in which case it overrides
the options allow-transfer statement. If not specified, the default is to allow
transfers from all hosts.
blackhole
Specifies a list of addresses that the server will not accept queries from or use to resolve a
query. Queries from these addresses will not be responded to. Default is none.
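The following check is an added example, not part of the HP-UX reference page. It reads the options statement of a named.conf and reports which of allow-query, allow-recursion and allow-transfer are absent (and so fall back to the allow-all defaults stated above) or are explicitly set to any. The SAMPLE text is constructed, the function names are hypothetical, and zone-level overrides are not examined.

```python
import re

# Statements whose default, per the text above, is to allow all hosts.
OPEN_BY_DEFAULT = ("allow-query", "allow-recursion", "allow-transfer")

SAMPLE = '''
options {
    directory "/etc/named.data";   // constructed sample, not a real host
    allow-query { any; };
    allow-recursion { 127.0.0.1; 10.0.0.0/8; };
    # allow-transfer { 192.0.2.53; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_body(conf):
    """Return the text between the braces of the options statement, or ''."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def top_level_statements(body):
    """Split on ';' only at brace depth 0, so address lists stay intact."""
    stmts, depth, cur = [], 0, ""
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            stmts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return [s for s in stmts if s]

def audit(conf_text):
    """Map each open-by-default statement to a finding; {} means all are restricted."""
    stmts = top_level_statements(options_body(strip_comments(conf_text)))
    seen = {m.group(0): s for s in stmts if (m := re.match(r"[\w-]+", s))}
    findings = {}
    for name in OPEN_BY_DEFAULT:
        if name not in seen:
            findings[name] = "not set: default allows all hosts"
        elif re.search(r"\{\s*any\s*;\s*\}", seen[name]):
            findings[name] = "explicitly open to any"
    return findings
```

For SAMPLE, audit() reports allow-query as explicitly open and allow-transfer as not set, because the only allow-transfer line is commented out.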
Interfaces
The interfaces and ports from which the server will answer queries may be specified using the
listen-on option. listen-on takes an optional port and an address_match_list. The server will
listen on all interfaces allowed by the address match list. If a port is not specified, port 53
will be used. Multiple listen-on statements are allowed. For example,
listen-on { 5.6.7.8; };
listen-on port 1234 { !1.2.3.4; 1.2/16; };
will enable the nameserver on port 53 for the IP address 5.6.7.8, and on port 1234 of an address on the
machine in net 1.2 that is not 1.2.3.4. If no listen-on is specified, the server will listen on port 53 on
all interfaces. The listen-on-v6 option is used to specify the ports on which the server will listen for
incoming queries sent using IPv6.
The server does not bind a separate socket to each IPv6 interface address as it does for IPv4. Instead, it
always listens on the IPv6 wildcard address. Therefore, the only values allowed for the
address_match_list argument to the listen-on-v6 statement are:
{ any; }
and
{ none; }
Multiple listen-on-v6 options can be used to listen on multiple ports:
listen-on-v6 port 53 { any; };
listen-on-v6 port 1234 { any; };
To make the server not listen on any IPv6 address, use
listen-on-v6 { none; };
HP-UX 11i Version 2: August 2003 − 12 − Hewlett-Packard Company Section 4−−187