answer-cookie true;\n\
automatic-interface-scan yes;\n\
bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
-# blackhole {none;};\n"
- " cookie-algorithm siphash24;\n"
+# blackhole {none;};\n\
+ cookie-algorithm siphash24;\n"
#ifndef WIN32
" coresize default;\n\
datasize default;\n"
#endif /* ifndef WIN32 */
"\
-# deallocate-on-exit <obsolete>;\n\
# directory <none>\n\
dnssec-policy \"none\";\n\
dump-file \"named_dump.db\";\n\
- edns-udp-size 1232;\n\
-# fake-iquery <obsolete>;\n"
+ edns-udp-size 1232;\n"
#ifndef WIN32
" files unlimited;\n"
#endif /* ifndef WIN32 */
#if defined(HAVE_GEOIP2) && !defined(WIN32)
- " geoip-directory \"" MAXMINDDB_PREFIX "/share/"
- "GeoIP\";"
- "\n"
+ " geoip-directory \"" MAXMINDDB_PREFIX
+ "/share/GeoIP\";\n"
#elif defined(HAVE_GEOIP2)
" geoip-directory \".\";\n"
#endif /* if defined(HAVE_GEOIP2) && !defined(WIN32) */
"\
-# has-old-clients <obsolete>;\n\
heartbeat-interval 60;\n\
-# host-statistics <obsolete>;\n\
interface-interval 60;\n\
# keep-response-order {none;};\n\
listen-on {any;};\n\
max-rsa-exponent-size 0; /* no limit */\n\
max-udp-size 1232;\n\
memstatistics-file \"named.memstats\";\n\
-# multiple-cnames <obsolete>;\n\
-# named-xfer <obsolete>;\n\
nocookie-udp-size 4096;\n\
notify-rate 20;\n\
nta-lifetime 3600;\n\
rrset-order { order random; };\n\
secroots-file \"named.secroots\";\n\
send-cookie true;\n\
-# serial-queries <obsolete>;\n\
serial-query-rate 20;\n\
server-id none;\n\
session-keyalg hmac-sha256;\n\
#endif /* ifndef WIN32 */
" startup-notify-rate 20;\n\
statistics-file \"named.stats\";\n\
-# statistics-interval <obsolete>;\n\
tcp-advertised-timeout 300;\n\
tcp-clients 150;\n\
tcp-idle-timeout 300;\n\
transfers-in 10;\n\
transfers-out 10;\n\
transfers-per-ns 2;\n\
-# treat-cr-as-space <obsolete>;\n\
trust-anchor-telemetry yes;\n\
-# use-id-pool <obsolete>;\n\
-# use-ixfr <obsolete>;\n\
\n\
/* view */\n\
allow-new-zones no;\n\
allow-recursion { localnets; localhost; };\n\
allow-recursion-on { any; };\n\
allow-update-forwarding {none;};\n\
-# allow-v6-synthesis <obsolete>;\n\
auth-nxdomain false;\n\
check-dup-records warn;\n\
check-mx warn;\n\
" dnstap-identity hostname;\n"
#endif /* ifdef HAVE_DNSTAP */
"\
-# fetch-glue <obsolete>;\n\
fetch-quota-params 100 0.1 0.3 0.7;\n\
fetches-per-server 0;\n\
fetches-per-zone 0;\n\
message-compression yes;\n\
min-ncache-ttl 0; /* 0 hours */\n\
min-cache-ttl 0; /* 0 seconds */\n\
-# min-roots <obsolete>;\n\
minimal-any false;\n\
minimal-responses no-auth-recursive;\n\
notify-source *;\n\
require-server-cookie no;\n\
resolver-nonbackoff-tries 3;\n\
resolver-retry-interval 800; /* in milliseconds */\n\
-# rfc2308-type1 <obsolete>;\n\
root-key-sentinel yes;\n\
servfail-ttl 1;\n\
# sortlist <none>\n\
# forwarders <none>\n\
# inline-signing no;\n\
ixfr-from-differences false;\n\
-# maintain-ixfr-base <obsolete>;\n\
-# max-ixfr-log-size <obsolete>\n\
max-journal-size default;\n\
max-records 0;\n\
max-refresh-time 2419200; /* 4 weeks */\n\
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- avoid-v4-udp-ports { 100; }
- avoid-v6-udp-ports { 100; };
- blackhole { 10.0.0.0/8; };
- coresize 1G;
- datasize 100M;
- deallocate-on-exit yes;
- directory ".";
- dump-file "named_dumpdb";
- fake-iquery yes;
- files 1000;
- has-old-clients no;
- heartbeat-interval 30;
- host-statistics yes;
- host-statistics-max 100;
- hostname none;
- interface-interval 30;
- keep-response-order { 10.0.0.10/24; };
- listen-on port 90 { any; };
- listen-on port 100 { 127.0.0.1; };
- listen-on-v6 port 53 { none; };
- match-mapped-addresses yes;
- memstatistics-file "named.memstats";
- multiple-cnames no;
- named-xfer "this is no longer needed";
- pid-file none;
- port 5300;
- querylog yes;
- recursing-file "named.recursing";
- recursive-clients 3000;
- serial-queries 10;
- serial-query-rate 100;
- server-id none;
-};
even if the server is not actually authoritative. The default is
``no``.
-``deallocate-on-exit``
- This option was used in BIND 8 to enable checking for memory leaks on
- exit. BIND 9 ignores the option and always performs the checks.
-
``memstatistics``
This writes memory statistics to the file specified by
``memstatistics-file`` at exit. The default is ``no`` unless ``-m
and inherited by zones, this can lead to some zones unintentionally
forwarding updates.
-``allow-v6-synthesis``
- This option was introduced for the smooth transition from AAAA to A6
- and from "nibble labels" to binary labels. However, since both A6 and
- binary labels were then deprecated, this option was also deprecated.
- It is now ignored with some warning messages.
-
.. _allow-transfer-access:
``allow-transfer``
{ "max-transfer-idle-out", 60, 28 * 24 * 60 }, /* 28 days */
{ "max-transfer-time-in", 60, 28 * 24 * 60 }, /* 28 days */
{ "max-transfer-time-out", 60, 28 * 24 * 60 }, /* 28 days */
- { "statistics-interval", 60, 28 * 24 * 60 }, /* 28 days */
/* minimum and maximum cache and negative cache TTLs */
{ "min-cache-ttl", 1, MAX_MIN_CACHE_TTL }, /* 90 secs */
projects / thirdparty / bind9.git / commitdiff
