HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
n
named.conf(4) named.conf(4)
(BIND 9.3)
Caching may still occur as an effect of the server’s internal operation, such as NOTIFY
address lookups.
request-ixfr
Determines whether the local server, acting as a slave, will request incremental zone
transfers from the given remote server, a master. If not set in a
server statement, the
value of the
request-ixfr option in the view
or global options statement is used as
adefault.
zone-statistics
If yes, the server will, by default, collect statistical data on all zones in the server. These
statistics may be accessed using the rndc stats
command, which will dump them to the
file listed in the
statistics-file
option.
Access Control Options
Access to the server can be restricted based on the IP address of the requesting system.
allow-notify
Specifies which hosts are allowed to notify slaves of a zone change in addition to the zone
masters. allow-notify may also be specified in the zone statement, in which case it
overrides the options allow-notify statement. It is only meaningful for a slave
zone. If not specified, the default is to process notify messages only from a zone’s master.
allow-query
Specifies which hosts are allowed to ask ordinary questions. allow-query may also be
specified in the zone statement, in which case it overrides the options allow-query
statement. If not specified, the default is to allow queries from all hosts.
allow-recursion
Specifies which hosts are allowed to make recursive queries through this server. If not
specified, the default is to allow recursive queries from all hosts. Note that disallowing
recursive queries for a host does not prevent the host from retrieving data that is already in
the server’s cache.
allow-update-forwarding
Specifies which hosts are allowed to submit Dynamic DNS updates to slave zones to be for-
warded to the master. The default is {none;}, which means that no update forwarding
will be performed. To enable update forwarding, specify allow-update-forwarding
{any;};
. Specifying values other than {none;} or {any;} is usually counterproduc-
tive, since the responsibility for update access control should rest with the master server,
not the slaves.
Note that enabling the update forwarding feature on a slave server may expose master
servers relying on insecure IP-address-based access control to attacks.
allow-transfer
Specifies the hosts that are allowed to receive zone transfers from the server. allow-
transfer
may also be specified in the zone statement, in which case it overrides the
options allow-transfer statement. If not specified, the default is to allow transfers
from all hosts.
blackhole Specifies a list of addresses that the server will not accept queries from or use to resolve a
query. Queries from these addresses will not be responded to. The default is
none.
Bad UDP Port List Options
avoid-v4-udp-ports, avoid-v6-udp-ports
Specify a list of IPv4 and IPv6 UDP ports that will not be used as system assigned source
ports for UDP sockets. These lists prevent named from choosing as its random source port
a port that is blocked by your firewall. If a query went out with such a source port, the
answer would not get by the firewall and the name server would have to query again.
Built-In Server Information Zone Options
The server provides some helpful diagnostic information through a number of built-in zones under the
pseudo-top-level-domain bind in the CHAOS class. These zones are part of a built-in view of class CHAOS
which is separate from the default view of class IN; therefore, any global server options such as allow-
query
do not apply the these zones. If you feel the need to disable these zones, use the options below, or
HP-UX 11i Version 3: February 2007 − 15 − Hewlett-Packard Company 247