named.conf - named configuration file
/etc/namedb/named.conf
This file is the default configuration (or boot) file for
the named server. This configuration file replaces the
named.boot file.
The named daemon reads the start-up file when it starts
and when it receives a SIGHUP signal.
The statements in the named.conf file tell the named daemon
what type of server it is, which domains (or zones of
authority) it has authority over, and where to get the
data for initially setting up its database.
The name server first needs to know the root name server,
which is the authority server for the network. The root
name server is established in the named.conf file by specifying
the root server filename (named.ca) as the cache
for this name server.
The named.conf file consists of a sequence of statements
terminated by a semicolon (;) and comments. Comments can
be specified by any of the following:
    A number sign (#)
    The C-style /* and */ characters
    The C++-style // characters
The types of named.conf statements are as follows:
    acl       Defines a named IP address matching list for
              access control and other uses.
    include   Includes a file.
    key       Specifies key information for use in
              authentication and authorization.
    logging   Specifies the information that the server logs
              and the destination of the log messages.
    options   Controls global server configuration options
              and sets defaults for other statements.
    server    Sets certain configuration options on a
              per-server basis.
    zone      Defines a zone.
The logging and options statements can occur only one time
in a configuration file. Many statements contain a block
of substatements, which are also terminated with a semicolon.
See the BIND Configuration Guide in the Tru64 UNIX
HTML Documentation Library for additional information
about the description and format of each statement.
For examples of various ways of using the named.conf file,
see the EXAMPLES section.
See named(8) for additional named.conf file directives.
Note
If you manually edit the named.conf file and later modify
your BIND configuration with the SysMan Menu (see bindconfig(8)), your changes will be overwritten.
The following examples show the various ways to use the
named start-up file.

The /etc/namedb/named.conf file for venus, a master name
server (formerly called a primary name server), contains
these entries:
    // Configuration (boot) file for master name server
    //
    zone "." {
        type hint;
        file "/etc/named.ca";
    };
    zone "abc.aus.osf.com" {
        type master;
        file "/etc/named.abcdata";
    };
    zone "xyz.aus.osf.com" {
        type master;
        file "/etc/named.xyzdata";
    };
    zone "201.9.192.in-addr.arpa" {
        type master;
        file "/etc/named.abcrev";
    };
    zone "100.114.128.in-addr.arpa" {
        type master;
        file "/etc/named.xyzrev";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/named.local";
    };
In this example, the master name server is venus
and the Internet address is 192.9.201.1.

The /etc/namedb/named.conf file for kronos, a slave
name server (formerly called a secondary name server),
contains these entries:
    // Configuration (boot) file for slave name server
    //
    zone "." {
        type hint;
        file "/etc/named.ca";
    };
    zone "abc.aus.osf.com" {
        type slave;
        file "192.9.201.2";
        masters {
            192.9.201.1;
        };
    };
    zone "xyz.aus.osf.com" {
        type slave;
        file "192.9.201.2";
        masters {
            192.9.201.1;
        };
    };
    zone "201.9.192.in-addr.arpa" {
        type slave;
        file "192.9.201.2";
        masters {
            192.9.201.1;
        };
    };
    zone "100.114.128.in-addr.arpa" {
        type slave;
        file "192.9.201.2";
        masters {
            192.9.201.1;
        };
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/named.local";
    };
In this example, the slave name server is kronos and
the Internet address is 192.9.201.2.

The /etc/namedb/named.conf file for hera, a caching-only
name server, contains these entries:

    // Configuration (boot) file for caching-only server
    //
    zone "." {
        type hint;
        file "/etc/named.ca";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/named.local";
    };

The /etc/namedb/named.conf file for titan, an IPv4 master
name server that accepts secure dynamic updates
from new clients, contains these entries:
Note
It is recommended that you do not enable authentication
for IPv6 zones that are dynamically updated.
See bind_manual_setup(7) for more information.
    // Configuration (boot) file for master name server
    //
    include "/etc/namedb/named.keys";
    zone "." {
        type hint;
        file "/etc/named.ca";
    };
    zone "dyn.aus.osf.com" {
        type master;
        file "/etc/named.dyndata";
        allow-update { dynnet-titan_update };
    };
    zone "201.9.192.in-addr.arpa" {
        type master;
        file "/etc/named.dynrev";
        allow-update { dynnet-titan_update };
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/named.local";
    };
The allow-update substatement in the zone statements
specifies that dynamic updates to the master
DNS database are successful only if they are signed
with the dynnet-titan_update key.
The include statement reads named.keys, a file that
is readable and writable only by the superuser and
contains the following key configuration statement:
    key dynnet-titan_update {
        algorithm hmac-md5;
        secret "YYnTXprDocI5qizxfT9/A8f9Ec+eq0Oo1DGXvks/Q27kTMMYKw==";
    };
You generate a private key for the secret substatement
by using the dnskeygen command.
See the Network Administration: Services manual or
bind_manual_setup(7) for more information about
configuring secure dynamic updates.
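
The following Python check is an added example, not part of the original reference page or of BIND. It strips the three comment styles described above, walks the top-level statements, and reports every zone whose allow-update list contains anything other than a defined key. The sample configuration is constructed: the zones open.example and ignored.example and the placeholder secret are assumptions, the key statement is inlined instead of included, and braces inside quoted strings are assumed not to occur.

```python
import re

# Constructed sample modelled on the titan example. The secret is a placeholder and the
# key statement is inlined here rather than read from the included named.keys file.
SAMPLE = r'''
// master name server (C++-style comment)
# audit input (number-sign comment)
/* C-style comment hiding a statement:
   zone "ignored.example" { type master; allow-update { any; }; }; */
key dynnet-titan_update { algorithm hmac-md5; secret "PLACEHOLDER//not+real=="; };
zone "." { type hint; file "/etc/named.ca"; };
zone "dyn.aus.osf.com" { type master; file "/etc/named.dyndata";
    allow-update { dynnet-titan_update }; };
zone "open.example" { type master; file "/etc/named.open"; allow-update { any; }; };
'''

def strip_comments(text):
    """Drop #, // and /* */ comments; quoted strings are matched first and kept."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pattern, lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text, flags=re.S)

def statements(text):
    """Yield (header_words, body) for every top-level 'header { body };' statement."""
    depth, mark, head, start = 0, 0, [], 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                head, start = text[mark:i].split(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield head, text[start:i]
        elif ch == ";" and depth == 0:
            mark = i + 1  # the next statement header starts after this semicolon

def audit_updates(conf):
    """Map each zone with allow-update to the list entries that are not defined keys."""
    stmts = [s for s in statements(strip_comments(conf)) if len(s[0]) >= 2]
    keys = {h[1].strip('"') for h, _ in stmts if h[0] == "key"}
    report = {}
    for head, body in stmts:
        if head[0] == "zone" and (m := re.search(r"allow-update\s*\{([^}]*)\}", body)):
            entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
            report[head[1].strip('"')] = [e for e in entries if e not in keys]
    return report

if __name__ == "__main__":
    print(audit_updates(SAMPLE))
```

An empty list for a zone means every allow-update entry names a defined key; any other entry is listed for review.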
Commands: bindconfig(8), named(8), dnskeygen(1)
Networking: bind_manual_setup(7)
Network Administration: Services
named.conf(4)