HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

named.conf(4) named.conf(4)
(BIND 9.3)
path_name    A quoted string that is used as a path name, such as "zones/master/my.test.domain".
size_spec    One of the following:
             number     A decimal number, optionally followed by a scaling factor: K or k for kilobytes, M or m for megabytes, and G or g for gigabytes, which scale by 1024, 1024*1024, and 1024*1024*1024 respectively. The value must be representable as a 64-bit unsigned integer (0 to 18446744073709551615, inclusive).
             default    Uses the limit that was in force when the server was started.
             unlimited  Requests unlimited use, or the maximum available amount. This is the best way to set a really large number.
yes_or_no    Either yes or no. The words true and false and the numbers 1 and 0 are also accepted, respectively.
Address Match List Syntax
An address_match_list has the format:
    address_match_list_element ; [ address_match_list_element ; ]...
An address_match_list_element has the format:
    [ ! ] ( ip_addr | ip_prefix | key key_id | acl_name | { address_match_list } )
Address Match List Definition and Usage
Address match lists are primarily used to determine access control for various server operations. They are also used to define priorities for querying other name servers and to set the addresses on which named will listen for queries. The elements which constitute an address match list may be any of the following:
    An IP address (IPv4 or IPv6).
    An IP prefix (in the /-notation).
    A key ID, as defined by the key statement.
    The name of an address match list previously defined with an acl statement.
    A nested address match list enclosed in braces.
Elements can be negated with a leading exclamation mark (!). The match list names of any, none, localhost, and localnets are predefined. For more information on these match list names, refer to The acl Statement section. The addition of the key clause made the name of this syntactic element something of a misnomer, since security keys can be used to validate access without regard to a host or network address. However, the term address match list is still being used.
When a given IP address or prefix is compared to an address match list, the list is traversed in order until an element matches. The interpretation of a match depends on whether the list is being used for access control or for defining listen-on ports, and on whether the element was negated. When used as an access control list, a nonnegated match allows access and a negated match denies access. If there is no match, access is denied.
The clauses allow-notify, allow-query, allow-transfer, allow-update, allow-update-forwarding, and blackhole, which can be specified in the options and/or zone statements, use address match lists. Similarly, the listen-on option causes the server not to accept queries on any of the machine's addresses which do not match the list.
Because of the first-match aspect of the algorithm, an element that defines a subset of another element in
the list should come before the broader element, regardless of whether either is negated. For example, in
1.2.3/24; ! 1.2.3.13; the 1.2.3.13 element is of no use because the algorithm will match any
lookup for 1.2.3.13 to the 1.2.3/24 element. Using ! 1.2.3.13; 1.2.3/24 fixes that problem by
having 1.2.3.13 blocked by the negation but all other 1.2.3.* hosts fall through.
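The first-match rule above, as an added example (not part of the HP-UX reference or of BIND's code): a small Python model that evaluates a list of ip_addr and ip_prefix elements as an access control list and flags elements that an earlier, broader element makes unreachable. The function names are hypothetical, and key, acl_name and nested-list elements are not modelled.

```python
import ipaddress

def parse_element(text):
    """Parse one ip_addr / ip_prefix element into (negated, network)."""
    text = text.strip()
    negated = text.startswith("!")
    addr, _, plen = text.lstrip("! ").partition("/")
    if ":" not in addr:  # expand short IPv4 forms such as 1.2.3/24
        addr += ".0" * (3 - addr.count("."))
    spec = f"{addr}/{plen}" if plen else addr
    return negated, ipaddress.ip_network(spec, strict=False)

def parse_list(text):
    """Split a ';'-separated list into parsed elements, keeping order."""
    return [parse_element(e) for e in text.split(";") if e.strip()]

def check_access(acl_text, client):
    """Evaluate the list as an access control list (first match wins)."""
    ip = ipaddress.ip_address(client)
    for negated, net in parse_list(acl_text):
        if ip.version == net.version and ip in net:
            return "deny" if negated else "allow"
    return "deny"  # no element matched: access is denied

def shadowed(acl_text):
    """Return (index, earlier_index) pairs for elements that can never
    match because an earlier element already covers all their addresses."""
    elems = parse_list(acl_text)
    found = []
    for i, (_, net) in enumerate(elems):
        for j in range(i):
            prev = elems[j][1]
            if prev.version == net.version and net.subnet_of(prev):
                found.append((i, j))
                break
    return found

# The two orderings discussed in the text above.
BROAD_FIRST = "1.2.3/24; ! 1.2.3.13;"
NARROW_FIRST = "! 1.2.3.13; 1.2.3/24;"

if __name__ == "__main__":
    for acl in (BROAD_FIRST, NARROW_FIRST):
        print(acl, "->", check_access(acl, "1.2.3.13"), shadowed(acl))
```

Running shadowed() over each list used in allow-query, allow-transfer, allow-update and similar clauses is a quick way to find negations that silently have no effect.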
234 Hewlett-Packard Company 2 HP-UX 11i Version 3: February 2007