options {
- directory "/etc/namedb"; // Working directory
- pid-file "named.pid"; // Put pid file in working dir
- allow-query { any; }; // This is the default
- recursion no; // Do not provide recursive service
+ directory "/etc/namedb"; // Working directory
+ pid-file "named.pid"; // Put pid file in working dir
+ allow-query { any; }; // This is the default
+ recursion no; // Do not provide recursive service
};
// Root server hints
zone "." { type hint; file "root.hint"; };
@@ -744,7 +744,7 @@ CLASS="command"
CLASS="command"
>named-checkconf program
- checks the syntax of a named.conf file.named-checkzone program checks a master file for
- syntax and consistency.class
- [rndc
- supports all the commands of the BIND 8 ndc
- utility except ndc start, which was also
- not supported in ndc's channel mode.
controls {
- inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
+ inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
bastion-ips-go-here;
};
- allow-transfer { none; }; // sample allow-transfer (no one)
- allow-query { internals; externals; }; // restrict query access
- allow-recursion { internals; }; // restrict recursion
+ allow-transfer { none; }; // sample allow-transfer (no one)
+ allow-query { internals; externals; }; // restrict query access
+ allow-recursion { internals; }; // restrict recursion
...
...
};
-zone "site1.example.com" { // sample slave zone
+zone "site1.example.com" { // sample slave zone
type master;
file "m/site1.example.com";
- forwarders { }; // do normal iterative
- // resolution (do not forward)
+ forwarders { }; // do normal iterative
+ // resolution (do not forward)
allow-query { internals; externals; };
allow-transfer { internals; };
};
@@ -581,14 +581,14 @@ acl externals { bastion-ips-go-here; };
options {
...
...
- allow-transfer { none; }; // sample allow-transfer (no one)
- allow-query { internals; externals; }; // restrict query access
- allow-recursion { internals; externals; }; // restrict recursion
+ allow-transfer { none; }; // sample allow-transfer (no one)
+ allow-query { internals; externals; }; // restrict query access
+ allow-recursion { internals; externals; }; // restrict recursion
...
...
};
-zone "site1.example.com" { // sample slave zone
+zone "site1.example.com" { // sample slave zone
type master;
file "m/site1.foo.com";
allow-query { any; };
@@ -1427,7 +1427,7 @@ NAME="AEN981"
>
$ORIGIN example.com.
-host 3600 IN AAAA 3ffe:8050:201:1860:42::1
+host 3600 IN AAAA 3ffe:8050:201:1860:42::1
While their use is deprecated, they are useful to support
@@ -1452,7 +1452,7 @@ NAME="AEN986"
>
$ORIGIN example.com.
-host 3600 IN A6 0 3ffe:8050:201:1860:42::1
+host 3600 IN A6 0 3ffe:8050:201:1860:42::1
In the company's address space:
$ORIGIN example.com.
-host 3600 IN A6 64 0:0:0:0:42::1 company.example1.net.
-host 3600 IN A6 64 0:0:0:0:42::1 company.example2.net.
+>
$ORIGIN example.com.
+host 3600 IN A6 64 0:0:0:0:42::1 company.example1.net.
+host 3600 IN A6 64 0:0:0:0:42::1 company.example2.net.
ISP1 will use:
$ORIGIN example1.net.
-company 3600 IN A6 0 3ffe:8050:201:1860::
+company 3600 IN A6 0 3ffe:8050:201:1860::
ISP2 will use:
$ORIGIN example2.net.
-company 3600 IN A6 0 1234:5678:90ab:fffa::
+company 3600 IN A6 0 1234:5678:90ab:fffa::
When
$ORIGIN example.com.
-@ 14400 IN NS ns0
- 14400 IN NS ns1
-ns0 14400 IN A6 0 3ffe:8050:201:1860:42::1
-ns1 14400 IN A 192.168.42.1
+@ 14400 IN NS ns0
+ 14400 IN NS ns1
+ns0 14400 IN A6 0 3ffe:8050:201:1860:42::1
+ns1 14400 IN A 192.168.42.1
It is recommended that IPv4-in-IPv6 mapped addresses not
@@ -1558,7 +1558,7 @@ CLASS="literal"
>
$ORIGIN 0.6.8.1.1.0.2.0.0.5.0.8.e.f.f.3.ip6.int.
-1.0.0.0.0.0.0.0.0.0.0.0.2.4.0.0 14400 IN PTR host.example.com.
+1.0.0.0.0.0.0.0.0.0.0.0.2.4.0.0 14400 IN PTR host.example.com.
$ORIGIN \[x3ffe805002011860/64].ip6.arpa.
-\[x0042000000000001/64] 14400 IN PTR host.example.com.
+\[x0042000000000001/64] 14400 IN PTR host.example.com.
$ORIGIN example.com.
-host IN A6 64 ::1234:5678:1212:5675 cust1.example.net.
- IN A6 64 ::1234:5678:1212:5675 subnet5.example2.net.
+host IN A6 64 ::1234:5678:1212:5675 cust1.example.net.
+ IN A6 64 ::1234:5678:1212:5675 subnet5.example2.net.
$ORIGIN example.net.
-cust1 IN A6 48 0:0:0:dddd:: ipv6net.example.net.
-ipv6net IN A6 0 aa:bb:cccc::
+cust1 IN A6 48 0:0:0:dddd:: ipv6net.example.net.
+ipv6net IN A6 0 aa:bb:cccc::
$ORIGIN example2.net.
-subnet5 IN A6 48 0:0:0:1:: ipv6net2.example2.net.
-ipv6net2 IN A6 0 6666:5555:4::
+subnet5 IN A6 48 0:0:0:1:: ipv6net2.example2.net.
+ipv6net2 IN A6 0 6666:5555:4::
This sets up forward lookups. To handle the reverse lookups,
@@ -1640,7 +1640,7 @@ would have:
$ORIGIN \[x00aa00bbcccc/48].ip6.arpa.
-\[xdddd/16] IN DNAME ipv6-rev.example.com.
+\[xdddd/16] IN DNAME ipv6-rev.example.com.
and
$ORIGIN \[x666655550004/48].ip6.arpa.
-\[x0001/16] IN DNAME ipv6-rev.example.com.
+\[x0001/16] IN DNAME ipv6-rev.example.com.
$ORIGIN ipv6-rev.example.com.
-\[x1234567812125675/64] IN PTR host.example.com.
+\[x1234567812125675/64] IN PTR host.example.com.
channel "default_syslog" {
- syslog daemon; // end to syslog's daemon
- // facility
- severity info; // only send priority info
- // and higher
+ syslog daemon; // end to syslog's daemon
+ // facility
+ severity info; // only send priority info
+ // and higher
};
channel "default_debug" {
- file "named.run"; // write to named.run in
- // the working directory
- // Note: stderr is used instead
- // of "named.run"
- // if the server is started
- // with the '-f' option.
- severity dynamic; // log at the server's
- // current debug level
+ file "named.run"; // write to named.run in
+ // the working directory
+ // Note: stderr is used instead
+ // of "named.run"
+ // if the server is started
+ // with the '-f' option.
+ severity dynamic; // log at the server's
+ // current debug level
};
-channel "default_stderr" { // writes to stderr
+channel "default_stderr" { // writes to stderr
stderr;
- severity info; // only send priority info
- // and higher
+ severity info; // only send priority info
+ // and higher
};
channel "null" {
- null; // toss anything sent to
- // this channel
+ null; // toss anything sent to
+ // this channel
};
sortlist {
- { localhost; // IF the local host
- { localnets; // THEN first fit on the
- 192.168.1/24; // following nets
+ { localhost; // IF the local host
+ { localnets; // THEN first fit on the
+ 192.168.1/24; // following nets
{ 192.168.2/24; 192.168.3/24; }; }; };
- { 192.168.1/24; // IF on class C 192.168.1
- { 192.168.1/24; // THEN use .1, or .2 or .3
+ { 192.168.1/24; // IF on class C 192.168.1
+ { 192.168.1/24; // THEN use .1, or .2 or .3
{ 192.168.2/24; 192.168.3/24; }; }; };
- { 192.168.2/24; // IF on class C 192.168.2
- { 192.168.2/24; // THEN use .2, or .1 or .3
+ { 192.168.2/24; // IF on class C 192.168.2
+ { 192.168.2/24; // THEN use .2, or .1 or .3
{ 192.168.1/24; 192.168.3/24; }; }; };
- { 192.168.3/24; // IF on class C 192.168.3
- { 192.168.3/24; // THEN use .3, or .1 or .2
+ { 192.168.3/24; // IF on class C 192.168.3
+ { 192.168.3/24; // THEN use .3, or .1 or .2
{ 192.168.1/24; 192.168.2/24; }; }; };
- { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
+ { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
};
};chroot() environment to
-work properly in a particular directory (for example, /var/named),
@@ -286,44 +287,42 @@ you will need to set up an environment that includes everything
BIND needs to run. From needs to run.
+From BIND's point of view, /var/named is
-the root of the filesystem. You will need /dev/null,
-and any library directories and files that BIND needs to run on
-your system. Please consult your operating system's instructions
-if you need help figuring out which library files you need to copy
-over to the chroot() sandbox.
directory and pid-file to account
+for this.
+If you are running an operating system that supports static
-binaries, you can also compile BIND statically and avoid the need
-to copy system libraries over to your
Unlike with earlier versions of BIND, you will typically
+not need to compile chroot() sandbox.
named
+statically nor install shared libraries under the new root.
+7.2.2. Using the setuidchown utility (to
-set the user id and/or group id) on files to which you want BIND
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 3098b49593..d8349d1b40 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -78,17 +78,17 @@ CLASS="TOC"
>8.1. Common Problems 8.2. Incrementing and Changing the Serial Number 8.3. Where Can I Get Help? 8.1. Common Problems
8.1.1. It's not working; how can I figure out what's wrong?
8.2. Incrementing and Changing the Serial Number
8.3. Where Can I Get Help?
A.1. Acknowledgements A.3. General DNSA.1. Acknowledgements
A.1.1. A Brief History of the DNSA.2.1.1. HS = hesiod
A.2.1.2. CH = chaos
A.3. General DNSBibliography
Standards
[RFC974] [RFC1034] [RFC1035] [RFC2181] [RFC2308] [RFC1995] [RFC1996] [RFC2136] [RFC2845] Proposed Standards Still Under Development
[RFC1886] [RFC2065] [RFC2137] Other Important RFCs About DNS[RFC1535] [RFC1536] [RFC1982] Resource Record Types