HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

named.conf(4) named.conf(4)
(BIND 9.3)
specified should be an absolute path.
disable-algorithms
Disable the specified DNSSEC algorithms at and below the specified name. Multiple disable-algorithms statements are allowed. Only the most specific is applied.
dnssec-lookaside
When set, dnssec-lookaside provides the validator with an alternate method to validate DNSKEY records at the top of a zone. When a DNSKEY is at or below a domain specified by the deepest dnssec-lookaside, and the normal DNSSEC validation has left the key untrusted, the trust-anchor will be appended to the key name and a DLV record will be looked up to see if it can validate the key. If the DLV record validates a DNSKEY (similar to the way a DS record does it), the DNSKEY RRset is deemed to be trusted.
dnssec-must-be-secure
Specify hierarchies which must be or may not be secure (signed and validated). If yes, named will only accept answers if they are secure. If no, normal DNSSEC validation applies and insecure answers are accepted. The specified domain must be under a trusted key, or dnssec-lookaside must be active.
dump-file The path name of the file to which the server dumps the database with rndc dumpdb. The default is named_dump.db.
key-directory
The directory where the public and private key files should be found, if it is not the working
directory. The specified directory must be an absolute path.
memstatistics-file
The path name of the file to which the server writes the memory usage statistics. The default is named.memstats.
pid-file The path name of the file in which the server writes its process ID. The default path name is /var/run/named.pid. The pid-file is used by programs that need to send signals to the running name server.
Specifying pid-file none; disables the use of a PID file; no file is written and any existing file is removed. Note that none is a keyword, not a file name, and therefore is not enclosed in quotation marks.
port The UDP/TCP port number the server uses for receiving and sending DNS protocol traffic.
The default is 53. This option is mainly intended for server testing; a server using a port
other than 53 will not be able to communicate with the global DNS.
preferred-glue
If specified, the listed type (A or AAAA) will be emitted before other glue in the additional
section of a query response. The default is not to prefer any type (NONE). ("Glue" is a
record that is created as part of a delegation.)
random-device
The source of entropy (random data) to be used by the server. Entropy is primarily needed for DNSSEC operations. This option specifies the device (or file) from which to read entropy. If this is a file, operations requiring entropy will fail when the file has been exhausted. The default value is /dev/random (or the equivalent) when present, and none otherwise. The random-device option takes effect during the initial configuration load at server startup time and is ignored on subsequent reloads.
root-delegation-only
Turn on enforcement of delegation-only in top level domains (TLD) and root zones,
with an optional exclude list.
Note: Some TLDs are not delegation-only (for example, DE, LV, US and MUSEUM).
options {
root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
};
statistics-file
The path name of the file in which the server appends statistics using rndc stats. The
default is named.stats in the server’s current directory. The file format is described in
244 Hewlett-Packard Company 12 HP-UX 11i Version 3: February 2007
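
The constraints stated above for key-directory, pid-file, port and random-device can be checked mechanically before a configuration is loaded. The following is an added example, not part of the HP-UX manual or of BIND; the sample options block is constructed, the parser handles only simple `name value;` statements, and treating any random-device path outside /dev/ as a regular file is an assumption of this sketch.

```python
import re

# Constructed sample options block (not taken from the manual page).
SAMPLE = '''
options {
    key-directory "keys";
    pid-file "none";
    port 5353;
    random-device "/var/named/entropy.bin";
    dump-file "named_dump.db";
};
'''

# Matches simple statements of the form: name value;  or  name "value";
STMT = re.compile(r'^\s*([a-z-]+)\s+("?)([^";{}]+)\2\s*;', re.M)

def parse_options(text):
    """Return {option: (value, was_quoted)} for simple 'name value;' statements."""
    return {m.group(1): (m.group(3).strip(), m.group(2) == '"')
            for m in STMT.finditer(text)}

def audit(text):
    """Return (option, finding) pairs for the rules the manual page states."""
    opts, findings = parse_options(text), []
    if "key-directory" in opts and not opts["key-directory"][0].startswith("/"):
        findings.append(("key-directory", "must be an absolute path"))
    if "pid-file" in opts:
        value, quoted = opts["pid-file"]
        # The keyword none is unquoted; a quoted "none" is a file name.
        if value == "none" and quoted:
            findings.append(("pid-file", 'quoted "none" is a file name, not the keyword'))
    if "port" in opts and opts["port"][0] != "53":
        findings.append(("port", "a port other than 53 cannot reach the global DNS"))
    if "random-device" in opts:
        value, _ = opts["random-device"]
        # Assumption: paths outside /dev/ are regular files with finite entropy.
        if value != "none" and not value.startswith("/dev/"):
            findings.append(("random-device", "regular file: entropy can be exhausted"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(SAMPLE):
        print(f"{option}: {finding}")
```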