The /etc/named.boot file defines the name server configuration and tells named where to obtain the name server database information. named.boot contains the following types of records:
directory directory-path
Defines a default directory used for all subsequent file references anywhere in the named configuration. If named is forced to dump memory, the memory dump is stored in this directory.
primary domain-name file-name
Declares the local name server as the primary master server for the domain specified by domain-name. As a primary server, the system loads the name server database from the local disk file named in the file-name field.
secondary domain-name server-address-list file-name
Makes the local server a secondary master server for the domain identified by domain-name. The server-address-list contains the IP address of at least one other master server for this domain. Multiple addresses can be provided in the list, but at least the primary server's address should be provided. The local server tries each server in the list until it successfully loads the name server database. The local server transfers the entire domain database and stores all of the data it receives in a local file identified by file-name. After completing the transfer, the local server answers all queries for information about the domain with complete authority.
cache . file-name
The cache command points to the file used to initialize the name server cache with a list of root servers. This command starts with the keyword cache, followed by the name of the root domain (.), and ends with the name of the file that contains the root server list. This file can have any name you wish, but it is usually called named.ca, named.root, or root.cache. The cache command is included in every named.boot file. named needs the list of root servers as a starting point from which to locate all other DNS domains.
forwarders server-address server-address ...
The forwarders command provides named with a list of servers to try if it can't resolve a query from its own cache. In the syntax shown, server-address is the IP address of a server on your network that can perform a recursive name server query for the local host. (A recursive query [2] means that the remote server pursues the answer to the query, even if it does not have the answer itself, and returns the answer to the originator.) The servers listed on the forwarders command line (the servers are also called "forwarders") are tried in order until one responds to the query. The listed servers develop an extensive cache that benefits every host that uses them. Because of this, their use is often recommended. If you plan to use forwarders, your network administrator should define the list of forwarders for your network. The forwarders only develop a rich cache if they are used by several hosts.
[2] Chapter 3, Network Services , discusses recursive and nonrecursive name server queries.
slave
The slave command forces the local server to use only the servers listed on the forwarders command line. The slave command can only be used if a forwarders command is also present in the named.boot file. A server that has a slave command in its named.boot file is called a slave server. A slave server does not attempt to contact the authoritative servers for a domain, even if the forwarding servers do not respond to its query. Regardless of the circumstances, a slave server queries only the forwarders. The slave command is used when limited network access makes the forwarders the only servers that can be reached by the local host. The slave command is not used on systems that have full Internet access because it limits their flexibility.
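The following is an added example, not code from the book or from BIND: a small parser that reads a named.boot file into the record types described in this section, collects the primary, secondary, cache, forwarders and slave records, and flags the two consistency problems the text calls out (a missing cache record, and a slave command without a forwarders command). The sample boot file, its domain names and its addresses are constructed for the example; nothing in it refers to a real host.

```python
# Added example (not from the book or from BIND itself): parse a BIND 4
# named.boot file into records and check the combinations the text describes.

# Constructed sample named.boot; addresses and names are illustrative only.
SAMPLE_BOOT = """\
; named.boot for a primary server that also forwards (constructed example)
directory   /etc/namedb
primary     example.test          named.hosts
primary     0.0.127.in-addr.arpa  named.local
secondary   sub.example.test      192.0.2.10 192.0.2.11 sub.hosts
cache       .                     named.ca
forwarders  192.0.2.53 192.0.2.54
slave
"""

# Minimum number of fields after the keyword for each record type in this section.
MIN_ARGS = {
    "directory": 1, "primary": 2, "secondary": 3, "cache": 2,
    "forwarders": 1, "slave": 0, "sortlist": 1, "xfrnets": 1,
    "include": 1, "bogusns": 1, "limit": 2, "options": 1,
    "check-names": 2, "max-fetch": 1, "stub": 3,
}


def parse_named_boot(text):
    """Return a list of (keyword, [fields]) tuples. A ';' starts a comment."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        keyword, *fields = line.split()
        if keyword not in MIN_ARGS:
            raise ValueError(f"line {lineno}: unknown record type {keyword!r}")
        if len(fields) < MIN_ARGS[keyword]:
            raise ValueError(f"line {lineno}: {keyword} needs at least "
                             f"{MIN_ARGS[keyword]} field(s)")
        records.append((keyword, fields))
    return records


def boot_summary(records):
    """Collect the records into a dict the way named would apply them."""
    cfg = {"directory": None, "primary": {}, "secondary": {}, "stub": {},
           "cache": None, "forwarders": [], "slave": False}
    for keyword, fields in records:
        if keyword == "directory":
            cfg["directory"] = fields[0]
        elif keyword == "primary":
            cfg["primary"][fields[0].lower()] = fields[1]
        elif keyword in ("secondary", "stub"):
            # everything between the domain name and the file name is the
            # server-address-list; the last field is the local file
            cfg[keyword][fields[0].lower()] = {"masters": fields[1:-1],
                                              "file": fields[-1]}
        elif keyword == "cache":
            cfg["cache"] = fields[1]          # fields[0] is the root domain "."
        elif keyword == "forwarders":
            cfg["forwarders"].extend(fields)
        elif keyword == "slave" or (keyword == "options" and "forward-only" in fields):
            cfg["slave"] = True               # options forward-only == slave
    return cfg


def check_boot(cfg):
    """Return a list of problems; an empty list means the file is consistent."""
    problems = []
    if cfg["cache"] is None:
        problems.append("no cache record: named has no root server list to start from")
    if cfg["slave"] and not cfg["forwarders"]:
        problems.append("slave present but no forwarders: a slave queries only forwarders")
    return problems


if __name__ == "__main__":
    summary = boot_summary(parse_named_boot(SAMPLE_BOOT))
    print(summary)
    print(check_boot(summary) or "named.boot looks consistent")
```

The parser treats options forward-only as equivalent to slave, which is what the options description later in this section states, so a file written with the newer syntax gets the same forwarders check.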
sortlist network network ...
The sortlist command causes named to prefer addresses from the listed networks over addresses from other networks. Normally, DNS sorts the addresses in a response only if the host issuing the query and the name server share a network. In that case, the shared network is the preferred network.
xfrnets address[&mask] ...
The xfrnets command limits zone transfers to hosts with the specified address. The address is written in dotted decimal notation and is interpreted as a network address. The optional mask field is used to change the interpretation of the address. When a bit is on in the mask field, that bit is significant for determining which hosts will be allowed to receive a zone file transfer. For example, xfrnets 172.16.0.0 allows every host on network 172.16 to do zone file transfers, while xfrnets 172.16.12.3&255.255.255.255 limits zone file transfers to the single host 172.16.12.3.
For security reasons, many sites do not want to let everyone list all of the hostnames in their domain. xfrnets limits the ability to retrieve your entire domain to specific, trusted hosts. tcplist is an alternative form of this command maintained for compatibility with older server implementations.
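As an added example (not BIND's own code), the following evaluates xfrnets entries the way the text describes them: only the bits that are on in the mask are compared, and a host may transfer the zone if it matches any listed entry. One assumption is made explicit in the code: an address given without &mask is read as a classful network address, which is what makes the text's xfrnets 172.16.0.0 cover every host on network 172.16. The configuration lines and hosts in the usage section are constructed.

```python
# Added example (not BIND code): evaluate xfrnets entries to decide which
# hosts may receive a zone transfer.
import ipaddress


def classful_mask(addr):
    """Mask used when no &mask is given. Assumption: an unmasked address is
    read as a classful network address, which is how the text's example
    'xfrnets 172.16.0.0' covers every host on network 172.16."""
    first_octet = int(addr.split(".")[0])
    if first_octet < 128:
        return "255.0.0.0"        # class A
    if first_octet < 192:
        return "255.255.0.0"      # class B
    return "255.255.255.0"        # class C


def parse_xfrnets(entries):
    """Turn 'address[&mask]' tokens into (network, mask) integer pairs."""
    acl = []
    for token in entries:
        addr, _, mask = token.partition("&")
        mask = mask or classful_mask(addr)
        a = int(ipaddress.IPv4Address(addr))
        m = int(ipaddress.IPv4Address(mask))
        # only the bits that are on in the mask are significant
        acl.append((a & m, m))
    return acl


def transfer_allowed(acl, host):
    """True if host may transfer the zone. An empty acl means no xfrnets
    record was given, so nothing restricts transfers."""
    if not acl:
        return True
    h = int(ipaddress.IPv4Address(host))
    return any((h & mask) == network for network, mask in acl)


if __name__ == "__main__":
    # Constructed xfrnets fields from a hypothetical named.boot
    acl = parse_xfrnets(["172.16.0.0", "192.0.2.7&255.255.255.255"])
    for host in ("172.16.12.3", "192.0.2.7", "192.0.2.8"):
        print(host, "allowed" if transfer_allowed(acl, host) else "refused")
```

The empty-acl case is the one to notice: with no xfrnets record at all, the check passes for every host, which is exactly the situation the paragraph above warns about.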
include file
The include command includes the contents of file at the location where the command appears in the boot file. This command can be used for very large configurations that are maintained by different people.
bogusns address address ...
The bogusns command prevents queries from being sent to the name server specified by address. address must be an IP address, not a domain name. This command is used to avoid cache contamination when you know that a remote name server is providing incorrect information. bogusns is only a temporary fix placed in the boot file until the remote domain administrator has a chance to fix the real problem.
limit name value
The limit command changes BIND's internal quotas. value is a number that specifies the new quota setting. k, m, or g, for kilobytes, megabytes, and gigabytes, respectively, can be appended to the new quota value number as appropriate. name is the name of the quota being set. There are four possible values for name: datasize sets the process data size quota; [3] transfers-in sets the number of named transfer subprocesses that BIND may spawn at any one time; transfers-per-ns sets the maximum number of simultaneous zone transfers allowed to any one remote nameserver. There can be multiple limit commands in a boot file - one for each quota that is being set.
[3] This is a kernel quota and therefore can be set only on systems that provide a kernel call to implement this.
options option option ...
The options command enables optional features of BIND. The option keywords are Booleans. Specifying an option on the command line turns on the optional behavior. By default, the optional features are turned off. Valid option values are:
query-log - logs all queries via syslogd, which produces a very large amount of log data.
forward-only - all queries are to be sent to the forwarders; this is exactly the same as the slave command, though this syntax is now preferred over the slave syntax.
fake-iquery - the nameserver responds to inverse queries with a fake reply rather than an error; used if you have some clients that cannot properly handle the error.
no-recursion - the name server answers a query for data only in a zone for which it is authoritative; all other queries are answered with a referral to another server.
no-fetch-glue - the nameserver does not fetch missing glue records for a query response; the resulting response could be incomplete; it is used with no-recursion to limit cache growth and reduce the chance of cache corruption.
check-names source action
The check-names command tells the name server to check host names against the standards for hostnames defined in RFC 952, and to check non-hostname responses to make sure that they contain nothing but printable characters. The source is the source of the hostname or string data that is being checked. The source can be primary for the primary zone file; secondary for the secondary zone file; or response for the message received during recursive search. The action tells the name server what to do when an error is detected: fail (reject the data; do not load, cache, or forward it); warn (send an error message to the system log); or ignore (process the data as if no error occurred). Multiple check-names commands can appear in a boot file, one for each source of data. The action for each source can be different.
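The following added example (not BIND's implementation) shows what a check-names policy does to incoming data: host names are tested against the RFC 952 label rules the text cites, other data is tested for printable characters, and the fail, warn and ignore actions are applied per source. The policy dictionary, the sample names and the choice to treat an unlisted source as ignore are assumptions of the example.

```python
# Added example (not BIND code): apply a check-names policy to host names and
# text data, with the fail / warn / ignore actions described in the text.
import logging
import re

# RFC 952 label: starts with a letter, then letters, digits or hyphens,
# and does not end with a hyphen. (RFC 1123 later allowed a leading digit;
# this example follows RFC 952 as the text cites it.)
LABEL_RE = re.compile(r"^(?:[A-Za-z]|[A-Za-z][A-Za-z0-9-]*[A-Za-z0-9])$")


def valid_hostname(name):
    """Check every label of a (possibly fully qualified) host name."""
    name = name.rstrip(".")
    if not name or len(name) > 255:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def printable(text):
    """Non-hostname data must contain only printable ASCII."""
    return all(32 <= ord(ch) < 127 for ch in text)


def apply_check_names(policy, source, data, kind="host"):
    """policy maps a source (primary, secondary, response) to an action.
    Returns True if named should use the data, False if it should reject it."""
    ok = valid_hostname(data) if kind == "host" else printable(data)
    if ok:
        return True
    action = policy.get(source, "ignore")   # assumption: unlisted source -> ignore
    if action == "fail":
        return False                        # do not load, cache, or forward it
    if action == "warn":
        logging.warning("check-names: bad %s data %r from %s", kind, data, source)
    return True                             # warn and ignore both keep the data


if __name__ == "__main__":
    # Constructed policy: one check-names line per source
    policy = {"primary": "fail", "secondary": "warn", "response": "ignore"}
    for src in policy:
        print(src, apply_check_names(policy, src, "bad_name.example.test"))
```

Note that warn and ignore differ only in the log message; both let the data through, so fail is the only action that actually keeps a malformed name out of the server's data.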
max-fetch value
The max-fetch command performs exactly the same function as the limit transfers-in command described previously. The limit command is now the preferred syntax.
At this writing, an experimental named.boot command is supported in some configurations:
stub domain-name server-address-list file-name
This command declares that this is a "stub" server for the domain specified by domain-name. The stub information is loaded from a server specified in the server-address-list and is stored in the file identified by file-name. The format of the stub command is the same as the secondary command and the functions of the fields in the command are the same. However, the stub command has very limited applicability. It is only used on a primary host that is not secondary for its subordinate domains. In that limited case, it is used to ensure that the primary host has the correct NS records for its subordinate domains.
There is a named.boot command that is no longer widely supported. You'll occasionally encounter descriptions of it in material written about name service, and for that reason it's discussed here. But don't use it in your configurations. It is: