Installation guide

ManualsBrandsPythonQ ManualsIndustrial248-8XX

231

232

233

234

235

236

237

238

239

240

Chapter 16. Berkeley Internet Name Domain (BIND) 233

• allow-recursion — Similar to allow-query, except it applies to recursive queries. By de-

fault, all hosts are allowed to perform recursive queries on the nameserver.

• directory — Changes the named working directory to something other than the default,

/var/named.

• forward — Controls how forwarding occurs, if the forwarders option contains valid IP ad-

dresses designating where to send requests.

If the first option is used, then the nameservers speciﬁed in the forwarders option are queried

ﬁrst for the information, and if they do not have it, named will attempt the resolution itself.

If the only option is used, named will not attempt the resolution itself if the forwarders are not

successful.

• forwarders — Speciﬁes a list of nameservers where requests should be forwarded for resolu-

tion.

• listen-on — Speciﬁes the network interface that named will use to listen for queries. By

default, all interfaces are used.

This option is useful if you have more than one network interface and would like to limit the

systems that can make requests of your nameserver. For example, if you have a machine serving

as a gateway and a nameserver, and you would like to block any requests except those that

originate from your private network, your listen-on option might look like this:

options {

listen-on { 10.0.1.1; };

};

In this way, only requests that arrive from the network interface serving the private network

(10.0.1.1) will be accepted.

• notify — Controls whether named notiﬁes the slave servers when a zone is updated. The default

is yes, but you can set this to no, to prevent slaves from being notiﬁed, or explicit, to only

notify servers in an also-notify list.

• pid-file — Allows you to specify the location of the process ID ﬁle created by named when

it starts.

• statistics-file — Allows you to specify the location of where the statistics ﬁle is written.

By default, named statistics are saved in /var/named/named.stats.

Dozens of other options are also available, many of which rely upon one another to work properly.

See the BIND 9 Administrator Reference Manual for more details.

• server — Deﬁnes particular options that affect how named should act toward remote nameservers,

especially regarding notiﬁcations and zone transfers.

The transfer-format option controls whether one resource record is sent with each message

(one-answer) or multiple resource records are sent with each message (many-answers). While

many-answers is more efﬁcient, only newer BIND nameservers understand it.

• trusted-keys — Contains assorted public keys used for DNSSEC. See Section 16.4.3 for an

introduction to BIND security.

• view "

view-name " — Creates special views that respond with a particular type of informa-

tion depending upon the host contacting the nameserver. This allows some hosts to receive one

answer regarding a particular zone while other hosts receive totally different information. Alterna-

tively, certain zones may only be made available to particular trusted hosts while non-trusted hosts

can only make queries for other zones.

Multiple views may be used, so long as their names are unique. The match-clients option spec-

iﬁes the IP addresses that apply to a particular view. Any option statements may also be used

within a view, overriding the global options already conﬁgured for named. Most view statements

contain multiple zone statements that apply to the match-clients list. The order in which view