DNS BIND Operations Statements

This page describes statements controlling operational behavior in BIND 9.3.x. The syntax and a single example statement are provided; in more complex cases additional examples are provided.

avoid-v4[v6]-udp-ports

 avoid-v4-udp-ports { port; ... };
 avoid-v6-udp-ports { port; ... };

Defines a list of port numbers that will not be used by BIND when initiating queries. This list may be used to avoid ports that are blocked by a firewall. This option can be defined in the global options clause only.

check-names

 check-names ( master | slave | response ) ( warn | fail | ignore );
 check-names response warn;

The check-names statement causes any host name of the defined type to be checked for compliance with RFC 952 and RFC 1123, and results in the defined action. Care should be taken when using this statement because many modern RRs, e.g. SRV, use names which do not meet these standards (they contain an underscore) but are permitted by RFC 2181, which greatly liberalized the rules for names (see labels and names). The type of host name to be checked may be master, in which case the check applies only to master zones; slave, which applies only to slave zones; or response, which applies to all host names that arrive in response to a query from this server. The default is not to perform host name checks. check-names may appear in a view or options clause with this syntax, and also in a zone clause where it has a different syntax.

coresize

 coresize size_in_bytes;

The maximum size in bytes (may take the case insensitive shortforms k or m) of a core dump. This statement can be used in a global options clause only.

database

 database "database-name params";

Defines information to be supplied to the database included using one of BIND's APIs. The data is enclosed in a quoted string. database-name defines the name of the included database. The params string may be any number of space-separated values, which are passed as arguments to the included functions to be interpreted in a way specific to the database type. This statement can be used in a global options clause only.

datasize

 datasize size_in_bytes;

The maximum size in bytes (may take the case insensitive shortforms k or m) of memory used by the server. This is a hard limit and may stop the server from working. The statements max-cache-size and recursive-clients may be used to limit memory. This statement can be used in a global options clause only.

dialup

 dialup dialup_options;

Optimizes behavior to minimize use of connect time on dial-up links. Default is no. This option can be defined in the view, zone and options clauses.

The dialup statement concentrates activity into the heartbeat-interval and triggers notify and zone refresh operations based on the value of dialup_option, as defined in the table below:

dialup_option    Normal refresh    heartbeat refresh    heartbeat notify    Notes
no               yes               no                   no                  -
yes              no                yes                  yes                 -
notify           yes               no                   yes                 -
refresh          no                yes                  no                  -
passive          no                no                   no                  -
notify-passive   no                no                   yes                 -

directory

 directory "path_name";

directory is a quoted string defining the absolute path for the server, e.g. "/var/named". All subsequent relative paths use this base directory. If no directory option is specified, the directory from which BIND was loaded is used. This option may only be specified in a 'global' options statement.

dual-stack-servers

 dual-stack-servers [ port pg_num ] { ( "host" [port p_num] | 
              ipv4 [port p_num] | ipv6 [port p_num] ); ... };
 dual-stack-servers {192.168.2.3; "bill.example.net"};

Defines the IP address of one or more dual-stacked (IPv4/IPv6) servers that can be used by this server to resolve a query using a stack it does not support. In the example above if only an AAAA (IPv6) RR is returned then this server, which is assumed to support only IPv4, can use the defined servers to resolve the query since they support both stacks. On dual-stack servers it is only effective if one of the stacks has been disabled on the command line. Using pg_num will act as a global port number for all subsequent server definitions or they can be defined individually with the p_num parameters. The parameter host is a quoted string and is the FQDN of the host which must be resolvable using the default protocol which may be either IPv4 or IPv6. This statement may be used in a view or global options clause.

dump-file

 dump-file path_name;

dump-file is a quoted string defining the absolute path where BIND dumps the database (cache) in response to a rndc dumpdb. If not specified, the default is named_dump.db in the location specified by a directory option. This option may only be specified in a 'global' options statement.

edns-udp-size

 edns-udp-size size_in_bytes ;

edns-udp-size defines the size_in_bytes that the server will advertise for an EDNS UDP buffer. Valid values are 512 to 4096; values outside this range will be silently adjusted. The default value is 4096. This statement may be used in a view or global options clause.

files

 files max_files ;

The maximum number of files the server may have open concurrently. The default is unlimited. This statement may be used in a view or global options clause.

hostname

 hostname ( "host-name" | none );
 hostname "myhost";

The host-name (a quoted string) the server should report via a query of the name hostname.bind with type TXT, class CHAOS. This defaults to the host-name of the machine hosting the name server as found by gethostname(). This information is easily discovered using dig. Specifying none disables processing of the queries. This statement may be used in a view or global options clause.

key-directory

 key-directory path_name;

key-directory is a quoted string defining the absolute path, for example, "/var/named/keys" where the keys used in the dynamic update of secure zones may be found. Only required if this directory is different from that defined by a directory option. This statement may only be used in a global options clause.

lame-ttl

 lame-ttl seconds;
 lame-ttl 1800;

lame-ttl defines the number of seconds to cache lame delegations or lame servers, that is, servers which should be authoritative (obtained via a referral or delegation from a parent) but do not respond as authoritative. The value 0 disables caching and is NOT recommended; the default is 600 (10 minutes) and the maximum value is 1800 (30 minutes). This statement may be used in a view or global options clause.

listen-on

 listen-on [ port ip_port ] { address_match_list };

listen-on defines the port and IP address(es) on which BIND will listen for incoming queries. The default is port 53 on all server interfaces. Multiple listen-on statements are allowed. This statement may only be used in a global options clause.

listen-on-v6

 listen-on-v6 [ port ip_port ] { address_match_list };

listen-on-v6 enables BIND to listen for IPv6 queries. If this statement is not present the server will not listen for any IPv6 traffic, which is the default. If the OS supports RFC 3493 and RFC 3542 compliant IPv6 sockets and the address_match_list uses the special any name, then a single listen is issued to the wildcard address. If the OS does not support this feature, a socket is opened for every required address and port. The port default is 53. Multiple listen-on-v6 statements are allowed. This statement may only be used in a global options clause. Do not try to start BIND with the -4 argument when you use this statement.

options {
....
    // turns on IPv6 for port 53
    listen-on-v6 {any;};
    // turns off IPv6 
    listen-on-v6 {none;};
    // turns on IPv6 for port 53 for a range of 16 addresses
    listen-on-v6 {2001:db8::/124;};
};

match-mapped-addresses

 match-mapped-addresses yes | no ;
 match-mapped-addresses no;

If yes, an address_match_list containing an IPv4 address will also be checked against an IPv4 mapped IPv6 address. This feature can incur significant CPU overheads and should only be used as a workaround where the OS software accepts such connections. This statement may only be used in a global options clause.

max-cache-size

 max-cache-size size_in_bytes;

max-cache-size defines the maximum amount of memory to use for the server's cache, in bytes (case insensitive shortforms of k or m are allowed). When the amount of data in the cache reaches this limit, the server will cause records to expire prematurely so that the limit is not exceeded. In a server with multiple views, the limit applies separately to the cache of each view. The default is unlimited, meaning that records are purged from the cache only when their TTLs expire. This statement may be used in view or a global options clause.

max-cache-ttl

 max-cache-ttl seconds;

max-cache-ttl sets the maximum time (in seconds) for which the server will cache positive answers (the limit for negative (NXDOMAIN) answers is defined by max-ncache-ttl). The default is one week (7 days). This statement may be used in a view or a global options clause.

max-ncache-ttl

 max-ncache-ttl seconds;

max-ncache-ttl sets the maximum time (in seconds) for which the server will cache negative (NXDOMAIN) answers (positives are defined by max-cache-ttl). The default max-ncache-ttl is 10800 seconds (3 hours). max-ncache-ttl cannot exceed 7 days and will be silently truncated to 7 days if set to a greater value. This statement may be used in view or a global options clause.

memstatistics-file

 memstatistics-file "file-name";
 memstatistics-file "/var/stats/named/bind.stats";

This statement defines the file-name to which BIND memory usage statistics will be written when it exits. May be an absolute or relative (to directory) path. If the parameter is not present the stats are written to named.memstats in the path defined by directory or its default. This statement may only be used in a global options clause.

pid-file

 pid-file "path_name" ;
 pid-file "/var/named/named.pid";

pid-file is a quoted string and allows you to define where the pid (Process Identifier) used by BIND is written. If not present, the location is distribution or OS specific, typically /var/run/named.pid or /etc/named.pid. It may be defined using an absolute path or relative to the directory parameter. This statement may only be used in a global options clause.

port

 port ip_port ;
 port 1175;

ip_port allows the user to define on which port BIND will provide UDP or TCP services. The default is 53. This option is intended primarily for testing and setting it to a non-standard value will not allow the server to communicate with 'normal' DNS systems. This statement may only be used in a global options clause and must come before any other option which defines ports or IP addresses.

preferred-glue

 preferred-glue A | AAAA;
 preferred-glue AAAA;

Defines the order of preference in which glue records will be listed in the additional section of the response. If not specified they will be listed in the order they appear in the zone file. This statement may be used in view or a global options clause.

querylog

 querylog yes | no ;
 querylog yes;

This statement may override the setting of the logging clause and controls whether query logging should be started when named starts. If querylog is not specified then query logging is controlled by the logging category queries. This statement may only be used in a global options clause.

recursing-file

 recursing-file "file-name";
 recursing-file "bind.recurse";

This statement defines the file-name to which data will be written when the command rndc recursing is issued. May be an absolute or relative (to directory) path. If the parameter is not present the information is written to named.recursing in the path defined by directory or its default. This statement may only be used in a global options clause.

server-id

 server-id ( "id-string" | none );
 server-id none;

The ID the server will return via a query for ID.SERVER with type TXT, under class CH (CHAOS). Specifying none disables processing of the queries; otherwise the server will return id-string. The default is none. This statement may only be used in a global options clause.

stacksize

 stacksize size_in_bytes;
 stacksize 10k;

The maximum size in bytes (may take the case insensitive shortforms k or m) of the stack memory used by the server. This is a hard limit and may stop the server from working. The default is none. This statement may only be used in a global options clause.

statistics-file

 statistics-file "file-name";
 statistics-file "bind.stats";

This statement defines the file-name to which data will be written when the command rndc stats is issued. May be an absolute or relative (to directory) path. If the parameter is not present the information is written to named.stats in the path defined by directory or its default. This statement may only be used in a global options clause.

tcp-clients

 tcp-clients number ;
 tcp-clients 20;

By default DNS uses UDP port 53 for queries but is defined to allow both TCP and UDP. The tcp-clients statement allows the user to define the maximum number of TCP connections to be supported. The BIND 9 default is 100. This statement may only be used in a global options clause.

tcp-listen-queue

 tcp-listen-queue number;
 tcp-listen-queue 7;

Controls how many TCP listen operations are queued for incoming zone transfers. The default and minimum is 3. Depending on OS features this also controls how many TCP connections will be queued in kernel space waiting for some data before being passed to accept. Values less than 3 will be silently raised. This statement may only be used in a global options clause.
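Several statements on this page (edns-udp-size, lame-ttl, max-ncache-ttl, tcp-listen-queue) have limits that named applies without reporting, so the running value can differ from the one in named.conf. The following check is an added example, not part of the original page or of BIND; it assumes simple "name number;" statements, and the function names and sample clause are constructed for illustration.

```python
import re

# (minimum, maximum) taken from this page (BIND 9.3.x); None means no upper limit.
# The page gives only a maximum for lame-ttl; treating it as clamped is an assumption.
LIMITS = {
    "edns-udp-size": (512, 4096),
    "lame-ttl": (0, 1800),
    "max-ncache-ttl": (0, 7 * 24 * 3600),
    "tcp-listen-queue": (3, None),
}

# Matches "name 123;" at the start of a line, only for the statements in LIMITS.
STATEMENT = re.compile(r"^\s*(" + "|".join(LIMITS) + r")\s+(\d+)\s*;", re.MULTILINE)

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", text)

def effective_values(conf_text):
    """Return {statement: (configured, effective, note)} for the limited statements."""
    report = {}
    for name, raw in STATEMENT.findall(strip_comments(conf_text)):
        low, high = LIMITS[name]
        value = int(raw)
        effective = max(value, low) if high is None else min(max(value, low), high)
        if effective != value:
            note = "outside stated range"
        elif name == "lame-ttl" and value == 0:
            note = "lame caching disabled, not recommended"
        else:
            note = "ok"
        report[name] = (value, effective, note)
    return report

# Constructed sample options clause, not taken from a real server.
SAMPLE = """
options {
    edns-udp-size 8192;     // above 4096
    lame-ttl 3600;          // above the 1800 maximum
    max-ncache-ttl 10800;   // the default, within range
    // tcp-listen-queue 1;  commented out, must be ignored
    tcp-listen-queue 2;     // below the minimum of 3
};
"""

if __name__ == "__main__":
    for name, (cfg, eff, note) in effective_values(SAMPLE).items():
        print(f"{name}: configured={cfg} effective={eff} ({note})")
```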

version

 version "version_string" ;
 version "Get Lost Pal";

version specifies the string that will be returned to a version.bind query when using the chaos class only. version_string is a quoted string, for example, "get lost" or something equally to the point. We tend to use it in all named.conf files to avoid giving out a version number that an attacker could use to exploit known version-specific weaknesses. This statement may only be used in a global options clause.
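The version, hostname and server-id statements together decide what the server reveals to CHAOS-class TXT queries. The following audit is an added example, not part of the original page or of BIND; it assumes a single options clause without views, and the function names, placeholders and sample clauses are constructed for illustration.

```python
import re

# What each CHAOS TXT name answers when its statement is absent. hostname and
# server-id defaults are from this page; the version default (the real version
# string) is standard BIND behaviour that the page implies but does not state.
REAL_VERSION = "<real BIND version>"
REAL_HOSTNAME = "<gethostname() of the server>"
CHAOS_NAMES = {
    "version.bind": ("version", REAL_VERSION),
    "hostname.bind": ("hostname", REAL_HOSTNAME),
    "ID.SERVER": ("server-id", None),  # default none: query not processed
}

STATEMENT = re.compile(
    r'^\s*(version|hostname|server-id)\s+("([^"]*)"|none)\s*;', re.MULTILINE)

def chaos_answers(conf_text):
    """Return {query name: answer, or None when the query is not processed}."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.DOTALL)
    # Whole-line comments only, so "#" or "//" inside a quoted string survives.
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.MULTILINE)
    configured = {}
    for stmt, token, quoted in STATEMENT.findall(text):
        configured[stmt] = None if token == "none" else quoted
    return {query: configured.get(stmt, default)
            for query, (stmt, default) in CHAOS_NAMES.items()}

def disclosures(conf_text):
    """Query names that still reveal the real version or host name."""
    answers = chaos_answers(conf_text)
    return sorted(q for q, a in answers.items() if a in (REAL_VERSION, REAL_HOSTNAME))

# Constructed samples, not taken from a real server.
DEFAULTS = 'options {\n    directory "/var/named";\n};\n'
HARDENED = """
options {
    // version "9.3.0";   old setting, commented out
    version "Get Lost Pal";
    hostname none;
    server-id none;
};
"""

if __name__ == "__main__":
    print(disclosures(DEFAULTS), chaos_answers(HARDENED))
```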

zone-statistics

 zone-statistics yes | no ;
 zone-statistics no;

This statement defines whether zone statistics will be maintained. The default is no. The zone statistics may be accessed using rndc stats. This statement may be used in view, zone or a global options clause.




Pro DNS and BIND by Ron Aitchison


Copyright © 1994 - 2014 ZyTrax, Inc.
All rights reserved. Legal and Privacy
Page modified: January 08 2014.