Configuring and Managing MPE/iX Internet Services:
HP 3000 MPE/iX Computer Systems

Appendix B BIND 8 Configuration File


The following is a dummy configuration file example. It briefly explains what each configuration directive is for and shows its syntax. Not all of the directives are required for a typical BIND configuration.

 /*
 * This is a worthless, nonrunnable example of a named.conf file that has
 * every conceivable syntax element in use. We use it to test the parser.
 * It could also be used as a conceptual template for users of new
 * features.
 */

 /*
 * C-style comments are OK
 */

 // So are C++-style comments

 # So are shell-style comments

 // watch out for ";" -- it's important!

 // Global server options. The values below exercise the syntax; they are
 // not a recommended policy. In particular the "any" address match lists
 // leave queries, recursion and zone transfers open to every host.
 options {
          directory ".";                        // use current directory
          named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
          dump-file "named_dump.db";            // _PATH_DUMPFILE
          pid-file "/var/run/named.pid";        // _PATH_PIDFILE
          statistics-file "named.stats";        // _PATH_STATS
          check-names master fail;
          check-names slave warn;
          check-names response ignore;
          datasize default;
          stacksize default;
          coresize default;
          files unlimited;
          recursion yes;             // NOTE(review): combined with
                                     // "allow-query { any; };" below, the
                                     // server performs recursive lookups
                                     // for any client (an open resolver).
                                     // Limit who may query, or use
                                     // "recursion no" on a server that is
                                     // authoritative-only.
          fetch-glue yes;            // NOTE(review): an authoritative-only
                                     // server would normally pair
                                     // "fetch-glue no" with "recursion no"
                                     // so that its cache cannot grow or be
                                     // corrupted by fetched data.
          fake-iquery no;
          notify yes;                // send NOTIFY messages. You can set
                                     // notify on a zone-by-zone
                                     // basis in the "zone" statement
                                     // (see below)
          auth-nxdomain yes;         // always set AA on NXDOMAIN.
                                     // don't set this to 'no' unless
                                     // you know what you're doing -- older 
                                     // servers won't like it.
          multiple-cnames no;        // if yes, then a name may have more
                                     // than one CNAME RR. This use
                                     // is non-standard and is not
                                     // recommended, but it is available
                                     // because previous releases supported
                                     // it and it was used by large sites
                                     // for load balancing.
 allow-query { any; };               // any host may query this server;
                                     // "any" is shown for syntax -- name
                                     // an acl to limit the clients.
 allow-transfer { any; };            // NOTE(review): any host may request
                                     // a full zone transfer, which hands
                                     // over every record in the zone.
                                     // List only the slave servers here
                                     // or in the "zone" statements.
 transfers-in 10;                    // DEFAULT_XFERS_RUNNING, cannot be
                                     // set > than MAX_XFERS_RUNNING (20)
 transfers-per-ns 2;                 // DEFAULT_XFERS_PER_NS
 transfers-out 0;                    // not implemented
 max-transfer-time-in 120;           // MAX_XFER_TIME; the default number
                                     // of minutes an inbound zone transfer
                                     // may run. May be set on a per-zone
                                     // basis.

 /*
  * The "transfer-format" option specifies the way outbound zone
  * transfers (i.e. from us to them) are formatted. Two values are
  * allowed:
  *
  *     one-answer                   Each RR gets its own DNS message.
  *                                  This format is not very efficient,
  *                                  but is widely understood. All
  *                                  versions of BIND prior to 8.1 generate
  *                                  this format for outbound zone
  *                                  transfers and require it on inbound
  *                                  transfers.
  *
  *     many-answers                 As many RRs as will fit are put into
  *                                  each DNS message. This format is
  *                                  the most efficient, but is only known
  *                                  to work with BIND 8. Patches to
  *                                  BIND 4.9.5 named-xfer that enable it
  *                                  to understand 'many-answers' will be
  *                                  available.
  *
  * If you are going to be doing zone transfers to older servers, you
  * shouldn't use 'many-answers'. 'transfer-format' may also be set
  * on a host-by-host basis using the 'server' statement (see below).
  */

 transfer-format one-answer;
 query-source address * port *;      // source address and port for the
                                     // server's own outbound queries; "*"
                                     // leaves the choice to the system.
                                     // NOTE(review): pinning a fixed,
                                     // well-known port (e.g. to satisfy a
                                     // firewall rule) makes forged
                                     // responses easier to construct.
 /*
  * The "forward" option is only meaningful if you've defined
  * forwarders. "first" gives the normal BIND
  * forwarding behavior, i.e. ask the forwarders first, and if that
  * doesn't work then do the full lookup. You can also say
  * "forward only;" which is what used to be specified with
  * "slave" or "options forward-only". "only" will never attempt
  * a full lookup; only the forwarders will be used.
  */
 forward first;
 forwarders { };                       //default is no forwarders
 /*
  * Here's a forwarders example that isn't trivial
  */
 /*
 forwarders {
            1.2.3.4;
            5.6.7.8;
 };
 */
 topology { localhost; localnets; };   // prefer local nameservers
 /*
  * Here's a more complicated topology example; it's commented out
  * because only one topology block is allowed.
  * topology {
           10/8;                       // prefer network 10.0.0.0
                                       // netmask 255.0.0.0 most
           !1.2.3/24;                  // don't like 1.2.3.0 netmask
                                       // 255.255.255.0 at all
           { 1.2/16; 3/8; };           // like 1.2.0.0 netmask 255.255.0.0
                                       // and 3.0.0.0 netmask 255.0.0.0
                                       // equally well, but less than 10/8
 };
 */
 listen-on port 53 { any; };         // listen for queries on port 53 on
                                     // any interface on the system
                                     // (i.e. all interfaces). The
                                     // "port 53" is optional; if you
                                     // don't specify a port, port 53
                                     // is assumed.
                                     // NOTE(review): on a multi-homed
                                     // host, list only the addresses
                                     // that are meant to serve DNS.
 /*
  * Multiple listen-on statements are allowed. Here's a more
  * complicated example:
  */
  /*
  listen-on { 5.6.7.8; };             // listen on port 53 on interface
                                      // 5.6.7.8
 listen-on port 1234 {                // listen on port 1234 on any
           !1.2.3.4;                  // interface on network 1.2.3
           1.2.3/24;                  // netmask 255.255.255.0, except for
 };                                   // interface 1.2.3.4.
 */

 /*
  * Interval Timers
  */
 clean-interval 60;                   // clean the cache of expired RRs
                                      // every 'clean-interval' minutes
 interface-interval 60;               // scan for new or deleted interfaces
                                      // every 'interface-interval' minutes
 statistics-interval 60;              // log statistics every
                                      // 'statistics-interval' minutes
 };

 // Master (primary) zone loaded from a local file. Dynamic updates are
 // refused; queries and zone transfers are open to every host.
 zone "master.demo.zone" {
           type master;               // what used to be called "primary"
           file "master.demo.zone";
 check-names fail;
 allow-update { none; };              // no host may send dynamic updates
 allow-transfer { any; };             // NOTE(review): any host can pull
                                      // the whole zone; list only this
                                      // zone's slave servers instead.
 allow-query { any; };
 // notify yes;                       // send NOTIFY messages for this
                                      // zone? The global option is used
                                      // if "notify" is not specified
                                      // here.
 also-notify { };                     // don't notify any nameservers other
                                      // than those on the NS list for this
                                      // zone
 };

 // Slave (secondary) zone: the zone is transferred from the listed
 // masters and kept in the named file.
 zone "slave.demo.zone" {
           type slave;                // what used to be called "secondary"
           file "slave.demo.zone";
           masters {
                1.2.3.4;              // where to zone transfer from
                5.6.7.8;
 };                                   // NOTE(review): the masters are
                                      // identified by address alone here.
           check-names warn;
           allow-update { none; };
           allow-transfer { any; };   // NOTE(review): a slave also serves
                                      // zone transfers; "any" lets every
                                      // host copy the zone from it.
           allow-query { any; };
           max-transfer-time-in 120;  // if not set, global option is used.
                                      //   also-notify { };
                                      // don't notify any nameservers other
                                      // than those on the NS list for this
                                      // zone
 };

 // Stub zone: configured like a slave zone, but only the NS records are
 // transferred from the masters.
 zone "stub.demo.zone" {
           type stub;                 // stub zones are like slave zones,
                                      // except that only the NS records
                                      // are transferred.
           file "stub.demo.zone";
           masters {
                1.2.3.4;              // where to zone transfer from
                5.6.7.8;
 };
           check-names warn;
           allow-update { none; };
           allow-transfer { any; };   // NOTE(review): "any" is shown for
                                      // syntax; restrict it as for the
                                      // other zones.
           allow-query { any; };
           max-transfer-time-in 120;  // if not set,
 };                                   //   global option is used.

 // Hint zone for the root (".").
 // NOTE(review): the server trusts whatever this file contains, so take
 // it from a trusted source and keep it writable only by the
 // administrator.
 zone "." {
           type hint;                 // used to be specified w/ "cache"
           file "cache.db";
 };

 // Named address match lists, referenced by name from the zone
 // statement that follows. Elements are tried in order, so the negated
 // network has to come before "any".
 acl can_query { !1.2.3/24; any; };   // network 1.2.3.0 mask 255.255.255.0
                                      // is disallowed; rest are OK
 acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host
                                      // allowed by can_query are OK
                                      // NOTE(review): because can_query
                                      // ends in "any", can_axfr barely
                                      // limits zone transfers. A real
                                      // transfer acl should list only the
                                      // slave servers.

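 // Master zone that uses named acls instead of the default ("any")
 // address match lists for queries and zone transfers.
 zone "non-default-acl.demo.zone" {
           type master;
           file "foo";
           allow-query { can_query; };    // hosts matched by acl can_query
           allow-transfer { can_axfr; };  // hosts matched by acl can_axfr
           allow-update {                 // hosts that may send dynamic
                1.2.3.4;                  // updates for this zone.
                5.6.7.8;                  // NOTE(review): the source
           };                             // address is the only check on
                                          // an update here, and it can be
                                          // forged; keep this list as
                                          // short as possible.
 };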

 // Shared-secret key definition. The secret below is a placeholder.
 // NOTE(review): a file that holds a real key must not be world-readable.
 // HMAC-MD5 is a legacy algorithm.
 key sample_key {                       // for TSIG; supported by parser
           algorithm hmac-md5;          // but not yet implemented in the
           secret "your secret here";   // rest of the server
 };

 // Second key definition, same form as sample_key. The secret is again
 // a placeholder (the first one spelled backwards), not a usable key.
 key key2 {
           algorithm hmac-md5;
           secret "ereh terces rouy";
 };

 // Per-server settings for the remote name server at 1.2.3.4.
 server 1.2.3.4 {
           bogus no;                   // if yes, we won't query or
                                       // listen to this server
           transfer-format one-answer; // set transfer format for this
                                       // server (see the description of
                                       // 'transfer-format' above)
                                       // if not specified, the global 
                                       //   option will be used
           transfers 0;                // not implemented
           keys { sample_key; key2; }; // for TSIG; supported by the
                                       // parser but not yet implemented
                                       // in the rest of the server
                                       // NOTE(review): since the keys are
                                       // not used yet, listing them here
                                       // gives no authentication of this
                                       // server.
 };

 // Logging configuration: defines output channels and routes message
 // categories to them.
 logging {
           /*
            * All log output goes to one or more "channels"; you can make 
            * as many of them as you want.
            */

           channel syslog_errors {   // this channel will send errors
                   syslog user;      // or worse to syslog (user facility)
                   severity error;
           };

           /*
            * Channels have a severity level. Messages at severity levels
            * greater than or equal to the channel's level will be logged 
            * on the channel. In order of decreasing severity,
            * the levels are:
            *
            *     critical              a fatal error
            *     error
            *     warning
            *     notice                a normal, but significant event
            *     info                  an informational message
            *     debug 1               the least detailed debugging info
            *     ...
            *     debug 99              the most detailed debugging info
            */

          /*
           * Here are the built-in channels:
           *
           *     channel default_syslog {
           *             syslog daemon;
           *             severity info;
           *     };
           *
           *     channel default_debug {
           *          file "named.run";
           *          severity dynamic;     // this means log debugging
           *                                // at whatever debugging
           *                                // level the server is at,
           *                                // and don't log anything
           *                                // if not debugging
           *     };
           *
           *     channel null {             // this is the bit bucket;
           *             file "/dev/null";  // any logging to this
           *                                // channel is discarded.
           *
           *     };
           *
           *     channel default_stderr {  // writes to stderr
           *             file "<stderr>";  // this is illustrative only;
           *                               // there's currently no way
           *                               // of saying "stderr" in the
           *                               // configuration language.
           *                               // i.e. don't try this at home.
           *             severity info;
           *     };
           *
           * default_stderr only works before the server daemonizes (i.e.
           * during initial startup) or when it is running in foreground
           * mode (-f command line option).
           */

          /*
           * There are many categories, so you can send the logs
           * you want to see wherever you want, without seeing logs you
           * don't want. Right now the categories are
           *
           *     default             the catch-all. many things still
           *                         aren't classified into categories,
           *                         and they all end up here. also, if
           *                         you don't specify any channels for
           *                         a category, the default category is
           *                         used instead.
           *     config              high-level configuration file
           *                         processing
           *     parser              low-level configuration file
           *                         processing
           *     queries             used to be called "query logging"
           *     lame-servers        messages like "Lame server on ..."
           *     statistics
           *     panic               if the server has to shut itself
           *                         down due to an internal problem, it
           *                         logs the problem here (as well as
           *                         in the problem's native category)
           *     update              dynamic update
           *     ncache              negative caching
           *     xfer-in             zone transfers we're receiving
           *     xfer-out            zone transfers we're sending
           *     db                  all database operations
           *     eventlib            debugging info from the event system
           *                         (see below)
           *     packet              dumps of packets received and sent
           *                         (see below)
           *     notify              the NOTIFY protocol
           *     cname               messages like "XX points to a CNAME"
           *     security            approved/unapproved requests
           *     os                  operating system problems
           *     insist              consistency check failures
           *     maintenance         periodic maintenance
           *     load                zone loading
           *     response-checks     messages like
           *                         "Malformed response ..."
           *                         "wrong ans. name ..."
           *                         "unrelated additional info ..."
           *                         "invalid RR type ..."
           *                         "bad referral ..."
           */

           // NOTE(review): no "category" statement is given below for
           // security, update or xfer-out, so those messages go to the
           // channels of category default. Keep them routed to a channel
           // that is actually reviewed: they record refused requests,
           // dynamic updates and outbound zone transfers.

           category parser {
                  syslog_errors;        // you can log to as many
                  default_syslog;       // channels as you want
           };

           category lame-servers { null; }; // don't log these at all
           channel moderate_debug {
                   severity debug 3;    // level 3 debugging to file
                   file "foo";          // foo
                   print-time yes;      // timestamp log entries
                   print-category yes;  // print category name
                   print-severity yes;  // print severity level
                   /*
                    * Note that debugging must have been turned on either
                    * on the command line or with a signal to get
                    * debugging output (non-debugging output will still
                    * be written to this channel).
                    */
           };
 
           /*
            * If you don't want to see "zone XXXX loaded" messages but do
            * want to see any problems, you could do the following.
            */
           channel no_info_messages {
                   syslog;
                   severity notice;
           };

           category load { no_info_messages; };

           /*
            * You can also define category "default"; it gets used when
            * no "category" statement has been given for a category.
            */
           category default {
                    default_syslog;
                    moderate_debug;
           };

           /*
            * If you don't define category default yourself, the default
            * default category will be used. It is
            *
            *     category default {default_syslog; default_debug; };
            */

           /*
            * If you don't define category panic yourself, the default
            * panic category will be used. It is
            *
            *     category panic {default_syslog; default_stderr; };
            */

           /*
            * Two categories, 'packet' and 'eventlib', are special.
            * Only one channel may be assigned to each of them, and it
            * must be a file channel. If you don't define them yourself,
            * they default to
            *
            *     category eventlib { default_debug; };
            *
            *     category packet {default_debug; };
            */
 };

 // Pulls another file into the configuration at this point.
 // NOTE(review): the included file becomes part of the configuration, so
 // protect it with the same ownership and permissions as named.conf,
 // especially if it holds key statements.
 include "filename";                      // can't do within a statement
  


