+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*
- * This is a worthless, nonrunnable example of a named.conf file that has
- * every conceivable syntax element in use. We use it to test the parser.
- * It could also be used as a conceptual template for users of new features.
- */
-
-/*
- * C-style comments are OK
- */
-
-// So are C++-style comments
-
-# So are shell-style comments
-
-// watch out for ";" -- it's important!
-
-options {
- version "my version string";
- random-device "/dev/random";
- directory "/tmp";
-
- port 666;
-
- sig-validity-interval 33;
-
-# Obsolete
- named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
-
- dump-file "named_dump.db"; // _PATH_DUMPFILE
- pid-file "/var/run/named.pid"; // _PATH_PIDFILE
- statistics-file "named.stats"; // _PATH_STATS
- memstatistics-file "named.memstats"; // _PATH_MEMSTATS
-
- max-cache-ttl 999;
- min-cache-ttl 66;
- auth-nxdomain yes; // always set AA on NXDOMAIN.
- // don't set this to 'no' unless
- // you know what you're doing -- older
- // servers won't like it.
-
-# Obsolete
- deallocate-on-exit no;
-
- dialup yes;
-
-# Obsolete
- fake-iquery no;
-
- fetch-glue yes;
- has-old-clients yes;
- host-statistics no;
-
-# Obsolete
- multiple-cnames no; // if yes, then a name my have more
- // than one CNAME RR. This use
- // is non-standard and is not
- // recommended, but it is available
- // because previous releases supported
- // it and it was used by large sites
- // for load balancing.
-
- notify yes; // send NOTIFY messages. You can set
- // notify on a zone-by-zone
- // basis in the "zone" statement
- // see (below)
- recursion yes;
- rfc2308-type1 no;
-
-# Obsolete
- use-id-pool yes;
-
-# Obsolete
- treat-cr-as-space yes;
-
- also-notify { 10.0.2.3; };
-
- // The "forward" option is only meaningful if you've defined
- // forwarders. "first" gives the normal BIND
- // forwarding behavior, i.e. ask the forwarders first, and if that
- // doesn't work then do the full lookup. You can also say
- // "forward only;" which is what used to be specified with
- // "secondary" or "options forward-only". "only" will never attempt
- // a full lookup; only the forwarders will be used.
- forward first;
- forwarders {
- 1.2.3.4;
- 5.6.7.8;
- };
-
- check-names primary fail;
- check-names secondary warn;
- check-names response ignore;
-
- allow-query { any; };
- allow-transfer { any; };
- allow-recursion { !any; };
- blackhole { 45/24; };
- keep-response-order { 46/24; };
-
- listen-on {
- 10/24;
- 10.0.0.3;
- };
-
- listen-on port 53 { any; };
-
- listen-on { 5.6.7.8; };
-
- listen-on port 1234 {
- !1.2.3.4;
- 1.2.3/24;
- };
-
- listen-on-v6 {
- 1:1:1:1:1:1:1:1;
- };
-
- listen-on-v6 port 777 {
- 2:2:2:2:2:2:2:2;
- };
-
- query-source-v6 address 8:7:6:5:4:3:2:1 port *;
- query-source port * address 10.0.0.54 ;
-
- lame-ttl 444;
-
- max-transfer-time-in 300;
- max-transfer-time-out 10;
- max-transfer-idle-in 100;
- max-transfer-idle-out 11;
-
- max-retry-time 1234;
- min-retry-time 1111;
- max-refresh-time 888;
- min-refresh-time 777;
-
- max-ncache-ttl 333;
- min-ncache-ttl 22;
- min-roots 15;
- serial-queries 34;
-
- transfer-format one-answer;
-
- transfers-in 10;
- transfers-per-ns 2;
- transfers-out 0;
-
- transfer-source 10.0.0.5;
- transfer-source-v6 4:3:2:1:5:6:7:8;
-
- request-ixfr yes;
- provide-ixfr yes;
-
-# Now called 'provide-ixfr'
-# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
-
- max-ixfr-log-size 20m;
- coresize 100;
- datasize 101;
- files 230;
- max-cache-size 1m;
- stacksize 231;
- heartbeat-interval 1001;
- interface-interval 1002;
- statistics-interval 1003;
-
- topology {
- 10/8;
-
- !1.2.3/24;
-
- { 1.2/16; 3/8; };
-
-
- };
-
- sortlist { 10/8; 11/8; };
-
- tkey-domain "foo.com";
- tkey-dhkey "xyz" 666 ;
-
- rrset-order {
- class IN type A name "foo" order random;
- order cyclic;
- };
-};
-
-/*
- * Control listeners, for "ndc". Every nameserver needs at least one.
- */
-controls {
- // 'inet' lines without a 'port' defaults to 'port 953'
- // 'keys' must be used and the list must have at least one entry
- inet * port 52 allow { any; } keys { "key2"; };
- unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
- inet 10.0.0.1 allow { any; key foo; } keys { "key4";};
- inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; };
- inet 10.0.0.2 allow { none; };
-};
-
-zone "primary.demo.zone" {
- type primary; // what used to be called "primary"
- database "somedb -option1 -option2 arg1 arg2 arg3";
- file "primary.demo.zone";
- check-names fail;
- allow-update { none; };
- allow-update-forwarding { 10.0.0.5; !any; };
- allow-transfer { any; };
- allow-query { any; };
- sig-validity-interval 990;
- notify explicit;
- also-notify { 1.0.0.1; }; // don't notify any nameservers other
- // than those on the NS list for this
- // zone
- forward first;
- forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
-};
-
-zone "secondary.demo.zone" {
- type secondary; // what used to be called "secondary"
- file "secondary.demo.zone";
- ixfr-base "secondary.demo.zone.ixfr"; // File name for IXFR transaction log file
- primaries {
- 1.2.3.4 port 10 key "foo"; // where to zone transfer from
- 5.6.7.8;
- 6.7.8.9 key "zippo";
- };
- transfer-source 10.0.0.53; // fixes multihoming problems
- check-names warn;
- allow-update { none; };
- allow-transfer { any; };
- allow-update-forwarding { any; };
- allow-query { any; };
- max-transfer-time-in 120; // if not set, global option is used.
- max-transfer-time-out 1; // if not set, global option is used.
- max-transfer-idle-in 2; // if not set, global option is used.
- max-transfer-idle-out 3; // if not set, global option is used.
- also-notify { 1.0.0.2; };
- forward only;
- forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
-};
-
-key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; };
-
-view "test-view" in {
- key "viewkey" { algorithm "xxx" ; secret "eXl5" ; };
- also-notify { 10.2.2.3; };
- managed-keys {
- foo.com. static 4 3 2 "abdefghijklmnopqrstuvwxyz";
- };
- sig-validity-interval 45;
- max-cache-size 100000;
- allow-query { 10.0.0.30;};
- match-clients { 10.0.0.1 ; };
- check-names primary warn;
- check-names secondary ignore;
- check-names response fail;
- auth-nxdomain false;
- recursion true;
- provide-ixfr false;
- request-ixfr true;
- fetch-glue true;
- notify false;
- rfc2308-type1 false;
- transfer-source 10.0.0.55;
- transfer-source-v6 4:3:8:1:5:6:7:8;
- query-source port * address 10.0.0.54 ;
- query-source-v6 address 6:6:6:6:6:6:6:6 port *;
- max-transfer-time-out 45;
- max-transfer-idle-out 55;
- min-roots 3;
- lame-ttl 477;
- max-ncache-ttl 333;
- max-cache-ttl 777;
- transfer-format many-answers;
- max-retry-time 7;
- min-retry-time 4;
- max-refresh-time 999;
- min-refresh-time 111;
-
- zone "view-zone.com" {
- type primary;
- allow-update-forwarding { 10.0.0.34;};
- file "view-zone-primary";
- };
-
- server 5.6.7.8 {
- keys "viewkey";
- };
-
- server 10.9.8.7 {
- keys "non-viewkey";
- };
- dialup yes;
-};
-
-
-zone "stub.demo.zone" {
- type stub; // stub zones are like secondary zones,
- // except that only the NS records
- // are transferred.
- dialup yes;
- file "stub.demo.zone";
- primaries {
- 1.2.3.4 ; // where to zone transfer from
- 5.6.7.8 port 999;
- };
- check-names warn;
- allow-update { none; };
- allow-transfer { any; };
- allow-query { any; };
-
- max-retry-time 10;
- min-retry-time 11;
- max-refresh-time 12;
- min-refresh-time 13;
-
- max-transfer-time-in 120; // if not set, global option is used.
- pubkey 257 255 1 "a useless key";
- pubkey 257 255 1 "another useless key";
-};
-
-zone "." {
- type hint; // used to be specified w/ "cache"
- file "cache.db";
-// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
-};
-
-managed-keys {
- "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
-};
-
-
-acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
- // is disallowed; rest are OK
-acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
- // by can_query are OK
-
-zone "disabled-zone.com" {
- type primary;
- file "bar";
-
- max-retry-time 100;
- min-retry-time 110;
- max-refresh-time 120;
- min-refresh-time 130;
-};
-
-zone "non-default-acl.demo.zone" {
- type primary;
- file "foo";
- allow-query { can_query; };
- allow-transfer { can_axfr; };
- allow-update {
- 1.2.3.4;
- 5.6.7.8;
- };
- pubkey 666 665 664 "key of the beast";
- // Errors trapped by parser:
- // identity or name not absolute
- // 'wildcard' match type and no wildcard character in name
- //
- // issues:
- // - certain rdatatype values (such as "key") are config file keywords and
- // must be quoted or a syntax error will occur.
- //
-
- update-policy {
- grant root.domain. subdomain host.domain. A MX CNAME;
- grant sub.root.domain. wildcard *.host.domain. A;
- grant root.domain. name host.domain. a ns md mf cname soa mb mg
- mr "null" wks ptr hinfo minfo mx txt rp afsdb x25
- isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx
- cert a6 dname opt unspec uri tkey tsig ;
- grant foo.bar.com. self foo.bar.com. a;
- };
-};
-
-key sample_key { // for TSIG; supported by parser
- algorithm hmac-md5; // but not yet implemented in the
- secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
-};
-
-key key2 {
- algorithm hmac-md5;
- secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
-};
-
-acl key_acl { key sample_key; }; // a request signed with sample_key
-
-server 1.2.3.4 {
- request-ixfr no;
- provide-ixfr no;
- bogus no; // if yes, we won't query or listen
- // to this server
- transfer-format one-answer; // set transfer format for this
- // server (see the description of
- // 'transfer-format' above)
- // if not specified, the global option
- // will be used
- transfers 0; // not implemented
- keys { "sample_key" }; // for TSIG; supported by the parser
- // but not yet implemented in the
- // rest of the server
-};
-
-logging {
- /*
- * All log output goes to one or more "channels"; you can make as
- * many of them as you want.
- */
-
- channel syslog_errors { // this channel will send errors or
- syslog user; // or worse to syslog (user facility)
- severity error;
- };
-
- channel stderr_errors {
- stderr;
- };
-
- /*
- * Channels have a severity level. Messages at severity levels
- * greater than or equal to the channel's level will be logged on
- * the channel. In order of decreasing severity, the levels are:
- *
- * critical a fatal error
- * error
- * warning
- * notice a normal, but significant event
- * info an informational message
- * debug 1 the least detailed debugging info
- * ...
- * debug 99 the most detailed debugging info
- */
-
- /*
- * Here are the built-in channels:
- *
- * channel default_syslog {
- * syslog daemon;
- * severity info;
- * };
- *
- * channel default_debug {
- * file "named.run"; // note: stderr is used instead
- * // of "named.run" if the server
- * // is started with the "-f"
- * // option.
- * severity dynamic; // this means log debugging
- * // at whatever debugging level
- * // the server is at, and don't
- * // log anything if not
- * // debugging.
- * };
- *
- * channel null { // this is the bit bucket;
- * file "/dev/null"; // any logging to this channel
- * // is discarded.
- * };
- *
- * channel default_stderr { // writes to stderr
- * file "<stderr>"; // this is illustrative only;
- * // there's currently no way
- * // of saying "stderr" in the
- * // configuration language.
- * // i.e. don't try this at home.
- * severity info;
- * };
- *
- * default_stderr only works before the server daemonizes (i.e.
- * during initial startup) or when it is running in foreground
- * mode (-f command line option).
- */
-
- /*
- * There are many categories, so you can send the logs
- * you want to see wherever you want, without seeing logs you
- * don't want. Right now the categories are
- *
- * default the catch-all. many things still
- * aren't classified into categories, and
- * they all end up here. also, if you
- * don't specify any channels for a
- * category, the default category is used
- * instead.
- * config high-level configuration file
- * processing
- * parser low-level configuration file processing
- * queries what used to be called "query logging"
- * lame-servers messages like "Lame server on ..."
- * statistics
- * panic if the server has to shut itself
- * down due to an internal problem, it
- * logs the problem here (as well as
- * in the problem's native category)
- * update dynamic update
- * ncache negative caching
- * xfer-in zone transfers we're receiving
- * xfer-out zone transfers we're sending
- * db all database operations
- * eventlib debugging info from the event system
- * (see below)
- * packet dumps of packets received and sent
- * (see below)
- * notify the NOTIFY protocol
- * cname messages like "XX points to a CNAME"
- * security approved/unapproved requests
- * os operating system problems
- * insist consistency check failures
- * maintenance periodic maintenance
- * load zone loading
- * response-checks messages like
- * "Malformed response ..."
- * "wrong ans. name ..."
- * "unrelated additional info ..."
- * "invalid RR type ..."
- * "bad referral ..."
- */
-
- category parser {
- syslog_errors; // you can log to as many channels
- default_syslog; // as you want
- };
-
- category lame-servers { null; }; // don't log these at all
-
- channel moderate_debug {
- file "foo"; // foo
- severity debug 3; // level 3 debugging to file
- print-time yes; // timestamp log entries
- print-category yes; // print category name
- print-severity yes; // print severity level
- /*
- * Note that debugging must have been turned on either
- * on the command line or with a signal to get debugging
- * output (non-debugging output will still be written to
- * this channel).
- */
- };
-
- channel another {
- file "bar" versions 99 size 10M;
- severity info;
- };
-
- channel third {
- file "bar" size 100000 versions unlimited;
- severity debug; // use default debug level
- };
-
- /*
- * If you don't want to see "zone XXXX loaded" messages but do
- * want to see any problems, you could do the following.
- */
- channel no_info_messages {
- syslog;
- severity notice;
- };
-
- category load { no_info_messages; };
-
- /*
- * You can also define category "default"; it gets used when no
- * "category" statement has been given for a category.
- */
- category default {
- default_syslog;
- moderate_debug;
- };
-
- /*
- * If you don't define category default yourself, the default
- * default category will be used. It is
- *
- * category default { default_syslog; default_debug; };
- */
-
- /*
- * If you don't define category panic yourself, the default
- * panic category will be used. It is
- *
- * category panic { default_syslog; default_stderr; };
- */
-
- /*
- * Two categories, 'packet' and 'eventlib', are special. Only one
- * channel may be assigned to each of them, and it must be a
- * file channel. If you don't define them yourself, they default to
- *
- * category eventlib { default_debug; };
- *
- * category packet { default_debug; };
- */
-};
-
-#include "filename"; // can't do within a statement
-
projects / thirdparty / bind9.git / commitdiff
