The /etc/named.boot file defines the name server configuration and tells named where to obtain the name server database information. named.boot contains the following types of records:
directory directory-path
Defines a default directory used for all subsequent file references anywhere in the named configuration. If named is forced to dump memory, the memory dump is stored in this directory.
primary domain-name file-name
Declares the local name server as the primary master server for the domain specified by domain-name. As a primary server, the system loads the name server database from the local disk file specified in the file-name field.
secondary domain-name server-address-list file-name
Makes the local server a secondary master server for the domain identified by domain-name. The server-address-list contains the IP address of at least one other master server for this domain. Multiple addresses can be provided in the list, but at least the primary server's address should be provided. The local server tries each server in the list until it successfully loads the name server database. The local server transfers the entire domain database and stores all of the data it receives in a local file identified by file-name. After completing the transfer, the local server answers all queries for information about the domain with complete authority.
cache . file-name
The cache command points to the file used to initialize the name server cache with a list of root servers. This command starts with the keyword cache, followed by the name of the root domain (.), and ends with the name of the file that contains the root server list. This file can have any name you wish, but it is usually called named.ca, named.root, or root.cache. The cache command is included in every named.boot file. named needs the list of root servers as a starting point from which to locate all other DNS domains.
forwarders server-address server-address ...
The forwarders command provides named with a list of servers to try if it can't resolve a query from its own cache. In the syntax shown, server-address is the IP address of a server on your network that can perform a recursive name server query for the local host. (A recursive query [2] means that the remote server pursues the answer to the query, even if it does not have the answer itself, and returns the answer to the originator.) The servers listed on the forwarders command line (the servers are also called "forwarders") are tried in order until one responds to the query. The listed servers develop an extensive cache that benefits every host that uses them. Because of this, their use is often recommended. If you plan to use forwarders, your network administrator should define the list of forwarders for your network. The forwarders only develop a rich cache if they are used by several hosts.
[2] Chapter 3, Network Services, discusses recursive and nonrecursive name server queries.
slave
The slave command forces the local server to use only the servers listed on the forwarders command line. The slave command can only be used if a forwarders command is also present in the named.boot file. A server that has a slave command in its named.boot file is called a slave server. A slave server does not attempt to contact the authoritative servers for a domain, even if the forwarding servers do not respond to its query. Regardless of the circumstances, a slave server queries only the forwarders. The slave command is used when limited network access makes the forwarders the only servers that can be reached by the local host. The slave command is not used on systems that have full Internet access because it limits their flexibility.
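The records described so far (directory, primary, secondary, cache, forwarders and slave) are easy to check mechanically before named is restarted. The following script is an added example, not part of the original text or of BIND; it parses a constructed named.boot, applies the field-count rules given above, and flags the one dependency the text calls out: slave (or its options forward-only equivalent) without a forwarders record. The sample boot file, its domain names and addresses are all made up for illustration.

```python
"""Parse a BIND 4 named.boot file and sanity-check its server-role records.

Added example (not from the book or from BIND). The sample below is constructed.
"""
from collections import defaultdict

# Constructed sample named.boot; names and addresses are illustrative only.
SAMPLE_BOOT = """\
; constructed example boot file
directory /usr/local/named
primary   example.test          example.test.hosts
primary   0.0.127.in-addr.arpa  named.local
secondary 16.172.in-addr.arpa   172.16.12.1 172.16.1.5  172.16.rev
cache     .                     named.ca
forwarders 172.16.12.1 172.16.1.5
slave
"""


def parse_named_boot(text):
    """Return a list of (keyword, fields) tuples, skipping blank lines and ';' comments."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' introduces a comment in named.boot
        if not line:
            continue
        fields = line.split()
        records.append((fields[0], fields[1:]))
    return records


def validate_boot(records):
    """Return a list of problem strings; an empty list means the boot file looks consistent."""
    problems = []
    by_kw = defaultdict(list)
    for kw, fields in records:
        by_kw[kw].append(fields)

    # Field counts follow the syntax lines: primary takes two fields,
    # secondary takes a domain, one or more master addresses, and a file name.
    for fields in by_kw["primary"]:
        if len(fields) != 2:
            problems.append("primary needs domain-name file-name: %r" % (fields,))
    for fields in by_kw["secondary"]:
        if len(fields) < 3:
            problems.append("secondary needs domain-name, at least one master "
                            "address, and file-name: %r" % (fields,))

    # Every boot file needs exactly one 'cache . file-name' record.
    if len(by_kw["cache"]) != 1 or by_kw["cache"][0][:1] != ["."]:
        problems.append("exactly one 'cache . file-name' record is required")

    # slave, or 'options forward-only', is only valid together with forwarders.
    forward_only = bool(by_kw["slave"]) or any(
        "forward-only" in fields for fields in by_kw["options"])
    if forward_only and not by_kw["forwarders"]:
        problems.append("slave/forward-only set but no forwarders record")
    for fields in by_kw["forwarders"]:
        if not fields:
            problems.append("forwarders record lists no server addresses")
    return problems


if __name__ == "__main__":
    recs = parse_named_boot(SAMPLE_BOOT)
    for line in validate_boot(recs) or ["boot file is consistent"]:
        print(line)
```

Running the script on the constructed sample prints "boot file is consistent"; removing the forwarders line makes the slave record an error, which matches the rule that slave may only appear when a forwarders command is also present.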
sortlist network network ...
The sortlist command causes named to prefer addresses from the listed networks over addresses from other networks. Normally, DNS sorts the addresses in a response only if the host issuing the query and the name server share a network. In that case, the shared network is the preferred network.
xfrnets address[&mask] ...
The xfrnets command limits zone transfers to hosts with the specified address. The address is written in dotted decimal notation and is interpreted as a network address. The optional mask field is used to change the interpretation of the address. When a bit is on in the mask field, that bit is significant for determining which hosts will be allowed to receive a zone file transfer. For example, xfrnets 172.16.0.0 allows every host on network 172.16 to do zone file transfers, while xfrnets 172.16.12.3&255.255.255.255 limits zone file transfers to the single host 172.16.12.3.
For security reasons, many sites do not want to let everyone list all of the hostnames in their domain. xfrnets limits the ability to retrieve your entire domain to specific, trusted hosts. tcplist is an alternative form of this command maintained for compatibility with older server implementations.
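The address-and-mask matching that xfrnets performs is shown below as an added example (not code from the book or from BIND). It parses the argument list of one xfrnets command and decides whether a requesting host would be allowed a zone transfer. One point is an assumption rather than something the text states: when no &mask is given, the example derives a classful netmask from the first octet (so 172.16.0.0 becomes 172.16.0.0/16, which is what "every host on network 172.16" implies). The addresses used are the ones from the text plus constructed ones.

```python
"""Evaluate BIND 4 'xfrnets address[&mask] ...' entries against a requesting host.

Added example (not from the book or from BIND). Assumption: an entry with no
explicit '&mask' is read as a classful network address (A=/8, B=/16, C=/24).
"""
import ipaddress


def _classful_prefix(addr):
    """Assumed default prefix length when no '&mask' is given: class A, B or C."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def parse_xfrnets(arguments):
    """Parse the arguments of one xfrnets command into a list of IPv4 networks.

    Each item is 'address' or 'address&mask'; mask is a dotted-decimal netmask.
    """
    nets = []
    for item in arguments.split():
        addr_text, _, mask_text = item.partition("&")
        addr = ipaddress.IPv4Address(addr_text)
        if mask_text:
            # Explicit mask: only the bits that are on in the mask are significant.
            net = ipaddress.IPv4Network((addr, mask_text), strict=False)
        else:
            net = ipaddress.IPv4Network((addr, _classful_prefix(addr)), strict=False)
        nets.append(net)
    return nets


def transfer_allowed(nets, host):
    """True if host matches any xfrnets entry.

    With no xfrnets command at all, BIND 4 placed no restriction on zone
    transfers, so an empty list allows every host.
    """
    if not nets:
        return True
    host_addr = ipaddress.IPv4Address(host)
    return any(host_addr in net for net in nets)


if __name__ == "__main__":
    # The two examples from the text plus one constructed /24 entry.
    acl = parse_xfrnets("172.16.0.0 172.16.12.3&255.255.255.255 10.1.2.0&255.255.255.0")
    for probe in ("172.16.99.7", "172.17.0.1", "10.1.2.200", "10.1.3.1"):
        print(probe, "allowed" if transfer_allowed(acl, probe) else "denied")
```

The check is deliberately permissive in the absence of any xfrnets entry, which is exactly the exposure the text warns about: a server without xfrnets lets any host retrieve the whole domain.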
include file
The include command includes the contents of file at the location that the command appears in the boot file. This command can be used for very large configurations that are maintained by different people.
bogusns address address ...
The bogusns command prevents queries from being sent to the name server specified by address. address must be an IP address, not a domain name. This command is used to avoid cache contamination when you know that a remote name server is providing incorrect information. bogusns is only a temporary fix placed in the boot file until the remote domain administrator has a chance to fix the real problem.
limit name value
The limit command changes BIND's internal quotas. value is a number that specifies the new quota setting. k, m, or g, for kilobytes, megabytes, and gigabytes, respectively, can be appended to the new quota value number as appropriate. name is the name of the quota being set. There are four possible values for name: datasize sets the process data size quota; [3] transfers-in sets the number of named transfer subprocesses that BIND may spawn at any one time; transfers-per-ns sets the maximum number of simultaneous zone transfers allowed to any one remote nameserver. There can be multiple limit commands in a boot file, one for each quota that is being set.
[3] This is a kernel quota and therefore can be set only on systems that provide a kernel call to implement this.
options option option ...
The options command enables optional features of BIND. The option keywords are Booleans. Specifying an option on the command line turns on the optional behavior. By default, the optional features are turned off. Valid option values are: query-log - logs all queries via syslogd, which produces a very large amount of log data. forward-only - all queries are to be sent to the forwarders; this is exactly the same as the slave command, though this syntax is now preferred over the slave syntax. fake-iquery - the nameserver responds to inverse queries with a fake reply rather than an error; used if you have some clients that cannot properly handle the error. no-recursion - the name server answers a query for data only in a zone for which it is authoritative; all other queries are answered with a referral to another server. no-fetch-glue - the nameserver does not fetch missing glue records for a query response; the resulting response could be incomplete; it is used with no-recursion to limit cache growth and reduce the chance of cache corruption.
check-names source action
The check-names command tells the name server to check host names against the standards for hostnames defined in RFC 952, and to check non-hostname responses to make sure that they contain nothing but printable characters. The source is the source of the hostname or string data that is being checked. The source can be primary for the primary zone file, secondary for the secondary zone file, or response for the message received during recursive search. The action tells the name server what to do when an error is detected: fail (reject the data; do not load, cache, or forward it); warn (send an error message to the system log); or ignore (process the data as if no error occurred). Multiple check-names commands can appear in a boot file, one for each source of data. The action for each source can be different.
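What a check-names rule actually decides is shown below as an added example; it is not code from the book or from BIND. hostname_ok applies the RFC 952 label rules as I read them (letters, digits and hyphen only, no leading or trailing hyphen, with the later RFC 1123 allowance for a leading digit and the DNS limit of 63 octets per label), printable_ok applies the printable-character test to non-hostname data, and apply_check maps the result onto the fail, warn and ignore actions from the text. The names and strings passed in are constructed.

```python
"""Hostname and string checks modelled on BIND 4's 'check-names source action'.

Added example (not from the book or from BIND). The per-label rules below are my
reading of RFC 952 plus the RFC 1123 leading-digit allowance; the 63-octet label
limit is the DNS wire-format limit.
"""
import string

_HOST_CHARS = set(string.ascii_letters + string.digits + "-")


def hostname_ok(name):
    """True if every label of name satisfies the RFC 952-style hostname rules."""
    labels = name.rstrip(".").split(".")          # tolerate a trailing root dot
    for label in labels:
        if not 1 <= len(label) <= 63:
            return False                          # empty label or over-long label
        if not set(label) <= _HOST_CHARS:
            return False                          # rejects '_', spaces, control chars
        if label[0] == "-" or label[-1] == "-":
            return False
    return True


def printable_ok(text):
    """True if a non-hostname string (e.g. HINFO/TXT data) is printable ASCII only."""
    return all(32 <= ord(c) < 127 for c in text)


def apply_check(source, action, data, is_hostname=True):
    """Return (accepted, message) for one record under the configured action.

    source is 'primary', 'secondary' or 'response'; action is 'fail', 'warn' or
    'ignore', with the meanings given in the text.
    """
    ok = hostname_ok(data) if is_hostname else printable_ok(data)
    if ok:
        return True, None
    msg = "check-names: bad %s in %s data: %r" % (
        "hostname" if is_hostname else "string", source, data)
    if action == "fail":
        return False, msg      # reject: do not load, cache or forward it
    if action == "warn":
        return True, msg       # accept the data but send the message to the log
    if action == "ignore":
        return True, None      # process as if no error occurred
    raise ValueError("unknown check-names action: %r" % action)


if __name__ == "__main__":
    # Constructed records checked under the three actions.
    for src, act in (("primary", "fail"), ("secondary", "warn"), ("response", "ignore")):
        print(src, act, apply_check(src, act, "my_host.example.test"))
    print("HINFO", apply_check("primary", "fail", "Sun-4 / SunOS", is_hostname=False))
```

A zone file that carries an underscore in a hostname is the classic case: under fail the record never enters the cache, under warn it loads but leaves a trace in the system log, and under ignore it loads silently.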
max-fetch value
The max-fetch command performs exactly the same function as the limit transfers-in command described previously. The limit command is now the preferred syntax.
At this writing, an experimental named.boot command is supported in some configurations:
stub domain-name server-address-list file-name
This command declares that this is a "stub" server for the domain specified by domain-name. The stub information is loaded from a server specified in the server-address-list and is stored in the file identified by file-name. The format of the stub command is the same as the secondary command and the functions of the fields in the command are the same. However, the stub command has very limited applicability. It is only used on a primary host that is not secondary for its subordinate domains. In that limited case, it is used to ensure that the primary host has the correct NS records for its subordinate domains.
There is a named.boot command that is no longer widely supported. You'll occasionally encounter descriptions of it in material written about name service, and for that reason it's discussed here. But don't use it in your configurations. It is: