propagation can therefore take extended periods.
4. The optional NOTIFY (:rfc:`1996`) feature (2) is automatically configured;
- use the :ref:`notify <notify_st>` statement to turn off the feature.
+ use the :namedconf:ref:`notify` statement to turn off the feature.
Whenever the primary loads or reloads a zone, it sends a NOTIFY message to
the configured secondary (or secondaries) and may optionally be configured
to send the NOTIFY message to other hosts using the
- :ref:`also-notify<also-notify>` statement. The NOTIFY message simply
+ :any:`also-notify` statement. The NOTIFY message simply
indicates to the secondary that the primary has loaded or reloaded the zone.
On receipt of the NOTIFY message, the secondary respons to indicate it has received the NOTIFY and immediately reads the SOA RR
from the primary (as described in section 2 a. above). If the zone file has
The added statements and blocks are commented in the above file.
-The :any:`zone` block, and :ref:`allow-query<allow-query>`,
+The :any:`zone` block, and :any:`allow-query`,
:any:`allow-query-cache`,
-:ref:`allow-transfer<allow-transfer>`, :ref:`file<file>`,
-:ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and :any:`type`
+:any:`allow-transfer`, :any:`file`,
+:namedconf:ref:`notify`, :any:`recursion`, and :any:`type`
statements are described in detail in the appropriate sections.
.. _sample_secondary:
The statements and blocks added are all commented in the above file.
-The :any:`zone` block, and :ref:`allow-query<allow-query>`,
+The :any:`zone` block, and :any:`allow-query`,
:any:`allow-query-cache`,
-:ref:`allow-transfer<allow-transfer>`, :ref:`file<file>`,
-:ref:`notify<notify_st>`, :ref:`primaries<primaries>`,
-:ref:`recursion<recursion>`, and :any:`type` statements are described in
+:any:`allow-transfer`, :any:`file`,
+:namedconf:ref:`primaries`,
+:any:`recursion`, and :any:`type` statements are described in
detail in the appropriate sections.
If NOTIFY is not being used, no changes are required in this
can get more complicated. A secondary zone can also be a primary to other
secondaries: :iscman:`named`, by default, sends NOTIFY messages for every
zone it loads. Specifying :ref:`notify primary-only;<notify>` in the
- :ref:`zone<zone_clause>` block for the secondary causes :iscman:`named` to
+ :any:`zone` block for the secondary causes :iscman:`named` to
only send NOTIFY messages for primary zones that it loads.
Private IP addresses may be defined using standard :ref:`reverse-mapping
techniques<ipv4_reverse>` or using the
-:ref:`empty-zones-enable<empty-zones-enable>` statement. By
+:any:`empty-zones-enable` statement. By
default this statement is set to ``empty-zones-enable yes;`` and thus automatically prevents
unnecessary DNS traffic by sending an NXDOMAIN error response (indicating the
name does not exist) to any request. However, some applications may require a
};
The :any:`zone` and :any:`acl` blocks, and the
-:ref:`allow-query<allow-query>`, :ref:`empty-zones-enable<empty-zones-enable>`,
-:ref:`file<file>`, :ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and
+:any:`allow-query`, :any:`empty-zones-enable`,
+:any:`file`, :namedconf:ref:`notify`, :any:`recursion`, and
:any:`type` statements are described in detail in the appropriate
sections.
};
The :any:`zone` and :any:`acl` blocks, and the
-:ref:`allow-query<allow-query>`, :ref:`empty-zones-enable<empty-zones-enable>`,
-:ref:`file<file>`, :ref:`forward<forward>`, :ref:`forwarders<forwarders>`,
-:ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and :any:`type`
+:any:`allow-query`, :any:`empty-zones-enable`,
+:any:`file`, :any:`forward`, :any:`forwarders`,
+:namedconf:ref:`notify`, :any:`recursion`, and :any:`type`
statements are described in detail in the appropriate sections.
As a reminder, the configuration of this forwarding resolver does **not**
The :any:`zone` and :any:`acl` blocks, and the
-:ref:`allow-query<allow-query>`, :ref:`empty-zones-enable<empty-zones-enable>`,
-:ref:`file<file>`, :ref:`forward<forward>`, :ref:`forwarders<forwarders>`,
-:ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and :any:`type`
+:any:`allow-query`, :any:`empty-zones-enable`,
+:any:`file`, :any:`forward`, :any:`forwarders`,
+:namedconf:ref:`notify`, :any:`recursion`, and :any:`type`
statements are described in detail in the appropriate sections.
As a reminder, the configuration of this resolver does **not** access the DNS
:any:`parental-agents`
Defines a named list of servers for inclusion in primary and secondary zones' :any:`parental-agents` lists.
-.. _primaries:
-
:any:`primaries`
Defines a named list of servers for inclusion in stub and secondary zones' :any:`primaries` or :any:`also-notify` lists. (Note: this is a synonym for the original keyword ``masters``, which can still be used, but is no longer the preferred terminology.)
:any:`view`
Defines a view.
-.. _zone_clause:
-
:any:`zone`
Defines a zone.
version of :any:`syslog`, which only uses two arguments to the ``openlog()``
function, this clause is silently ignored.
-.. _severity:
-
.. namedconf:statement:: severity
:tags: logging
:short: Defines the priority level of log messages.
This is the grammar of the ``options`` statement in the :iscman:`named.conf`
file:
-.. _options:
-
``options`` Block Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ``options`` statement, an options block with each option set to its
default is used.
-.. _attach-cache:
-
.. namedconf:statement:: attach-cache
:tags: view
:short: Allows multiple views to share a single cache database.
administrator's responsibility to ensure that configuration differences in
different views do not cause disruption with a shared cache.
-.. _directory:
-
.. namedconf:statement:: directory
:tags: server
:short: Sets the server's working directory.
is to prefer A records when responding to queries that arrived via
IPv4 and AAAA when responding to queries that arrived via IPv6.
-.. _root-delegation-only:
-
.. namedconf:statement:: root-delegation-only
:tags: query
:short: Turns on enforcement of delegation-only in top-level domains (TLDs) and root zones with an optional exclude list.
unnecessary records are added to the authority or additional
sections. The default is ``no``.
-.. _notify_st:
-
.. namedconf:statement:: notify
:tags: transfer
:short: Controls whether ``NOTIFY`` messages are sent on zone changes.
ultimate primary should be set to still send NOTIFY messages to all the name servers
listed in the NS RRset.
-.. _recursion:
-
.. namedconf:statement:: recursion
:tags: query
:short: Defines whether recursion and caching are allowed.
The DNSSEC records are written to the zone's filename set in :any:`file`,
unless :any:`inline-signing` is enabled.
-.. _dnssec-validation-option:
-
.. namedconf:statement:: dnssec-validation
:tags: dnssec
:short: Enables DNSSEC validation in :iscman:`named`.
Forwarding occurs only on those queries for which the server is not
authoritative and does not have the answer in its cache.
-.. _forward:
-
.. namedconf:statement:: forward
:tags: query
:short: Allows or disallows fallback to recursion if forwarding has failed; it is always used in conjunction with the :any:`forwarders` statement.
server then looks for the answer itself. If ``only`` is
specified, the server only queries the forwarders.
-.. _forwarders:
-
.. namedconf:statement:: forwarders
:tags: query
:short: Defines one or more hosts to which queries are forwarded.
and inherited by zones, this can lead to some zones unintentionally
forwarding updates.
-.. _allow-transfer-access:
-
-.. _allow-transfer:
-
.. namedconf:statement:: allow-transfer
:tags: transfer
:short: Defines an :any:`address_match_list` of hosts that are allowed to transfer the zone information from this server.
on the amount of load that transfers place on the system. The following
options apply to zone transfers.
-.. _also-notify:
-
.. namedconf:statement:: also-notify
:tags: transfer
:short: Defines one or more hosts that are sent ``NOTIFY`` messages when zone changes occur.
This option is deprecated and no longer has any effect.
-.. _max-cache-size:
-
.. namedconf:statement:: max-cache-size
:tags: server
:short: Sets the maximum amount of memory to use for an individual cache database and its associated metadata.
physical memory. By default, each view has its own separate cache,
which means the total amount of memory required for cache data is the
sum of the cache database sizes for all views (unless the
- :ref:`attach-cache <attach-cache>` option is used).
+ :any:`attach-cache` option is used).
When the amount of data in a cache database reaches the configured
limit, :iscman:`named` starts purging non-expired records (following an
This specifies the contact name that appears in the returned SOA record for
empty zones. If none is specified, "." is used.
-.. _empty-zones-enable:
-
.. namedconf:statement:: empty-zones-enable
:tags: server, zone
:short: Enables or disables all empty zones.
This enables or disables all empty zones. By default, they are enabled.
-.. _disable-empty-zone:
-
.. namedconf:statement:: disable-empty-zone
:tags: server, zone
:short: Disables individual empty zones.
methods may be added in the future.
To make mirror zone contents persist between :iscman:`named` restarts, use
- the :ref:`file <file-option>` option.
+ the :any:`file` option.
Mirroring a zone other than root requires an explicit list of primary
servers to be provided using the :any:`primaries` option (see
explicit;``.
Outgoing transfers of mirror zones are disabled by default but may be
- enabled using :ref:`allow-transfer <allow-transfer-access>`.
+ enabled using :any:`allow-transfer`.
.. note::
Use of this zone type with any zone other than the root should be
:any:`delegation-only` has no effect on answers received from forwarders.
- See caveats in :ref:`root-delegation-only <root-delegation-only>`.
+ See caveats in :any:`root-delegation-only`.
.. namedconf:statement:: in-view
:tags: view, zone
:any:`allow-notify`
See the description of :any:`allow-notify` in :ref:`access_control`.
-.. _allow-query:
-
:any:`allow-query`
See the description of :any:`allow-query` in :ref:`access_control`.
See the description of :any:`update-check-ksk` in :ref:`boolean_options`.
:any:`dnssec-loadkeys-interval`
- See the description of :any:`dnssec-loadkeys-interval` in :ref:`options`.
+ See the description of :any:`dnssec-loadkeys-interval` in :namedconf:ref:`options`.
:any:`dnssec-update-mode`
- See the description of :any:`dnssec-update-mode` in :ref:`options`.
+ See the description of :any:`dnssec-update-mode` in :namedconf:ref:`options`.
:any:`dnssec-dnskey-kskonly`
See the description of :any:`dnssec-dnskey-kskonly` in :ref:`boolean_options`.
``yes``, then the zone is treated as if it is also a
delegation-only type zone.
- See caveats in :ref:`root-delegation-only <root-delegation-only>`.
-
-.. _file-option:
-
-.. _file:
+ See caveats in :any:`root-delegation-only`.
.. namedconf:statement:: file
:tags: zone
:any:`primary <type primary>` and :any:`secondary <type secondary>` zones.
:any:`max-ixfr-ratio`
- See the description of :any:`max-ixfr-ratio` in :ref:`options`.
+ See the description of :any:`max-ixfr-ratio` in :namedconf:ref:`options`.
:any:`max-journal-size`
See the description of :any:`max-journal-size` in :ref:`server_resource_limits`.
See the description of :any:`notify-to-soa` in :ref:`boolean_options`.
:any:`zone-statistics`
- See the description of :any:`zone-statistics` in :ref:`options`.
+ See the description of :any:`zone-statistics` in :namedconf:ref:`options`.
.. namedconf:statement:: server-addresses
:tags: query, zone
are not available at the zone level.)
:any:`key-directory`
- See the description of :any:`key-directory` in :ref:`options`.
+ See the description of :any:`key-directory` in :namedconf:ref:`options`.
:any:`auto-dnssec`
- See the description of :any:`auto-dnssec` in :ref:`options`.
+ See the description of :any:`auto-dnssec` in :namedconf:ref:`options`.
:any:`serial-update-method`
- See the description of :any:`serial-update-method` in :ref:`options`.
+ See the description of :any:`serial-update-method` in :namedconf:ref:`options`.
.. namedconf:statement:: inline-signing
:tags: dnssec, zone
See the description of :any:`masterfile-format` in :ref:`tuning`.
:any:`max-zone-ttl`
- See the description of :any:`max-zone-ttl` in :ref:`options`.
+ See the description of :any:`max-zone-ttl` in :namedconf:ref:`options`.
The use of this option in :any:`zone` blocks is deprecated and
will be rendered nonoperational in a future release.
A subset of Name Server Statistics is collected and shown per zone for
which the server has the authority, when :any:`zone-statistics` is set to
``full`` (or ``yes``), for backward compatibility. See the description of
-:any:`zone-statistics` in :ref:`options` for further details.
+:any:`zone-statistics` in :namedconf:ref:`options` for further details.
These statistics counters are shown with their zone and view names. The
view name is omitted when the server is not configured with explicit
projects / thirdparty / bind9.git / commitdiff
