named.conf

bind-3.2.

/*
 * Copyright (C) 1999-2001  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
 * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: named.conf,v 1.55 2001/06/08 19:06:22 gson Exp $ */

/*
 * This is a worthless, nonrunnable example of a named.conf file that has
 * every conceivable syntax element in use.  We use it to test the parser.
 * It could also be used as a conceptual template for users of new features.
 */

/*
 * C-style comments are OK
 */

// So are C++-style comments

# So are shell-style comments

// watch out for ";" -- it's important!

options {
	additional-from-auth true;
	additional-from-cache false;

	version "my version string";
	random-device "/dev/random";
	directory "/tmp";

	port 666;

	sig-validity-interval 33;

# Obsolete
	named-xfer "/usr/libexec/named-xfer";	// _PATH_XFER

	dump-file "named_dump.db";  	// _PATH_DUMPFILE
	pid-file "/var/run/named.pid";  // _PATH_PIDFILE
	statistics-file "named.stats";  // _PATH_STATS
	memstatistics-file "named.memstats";	// _PATH_MEMSTATS

	max-cache-ttl 999;
	auth-nxdomain yes;		// always set AA on NXDOMAIN.
					// don't set this to 'no' unless
					// you know what you're doing -- older
					// servers won't like it.

# Obsolete
	deallocate-on-exit no;

	dialup yes;

# Obsolete
	fake-iquery no;

	fetch-glue yes;
	has-old-clients yes;
	host-statistics no;

# Obsolete
	multiple-cnames no;		// if yes, then a name my have more
					// than one CNAME RR.  This use
					// is non-standard and is not
					// recommended, but it is available
					// because previous releases supported
					// it and it was used by large sites
					// for load balancing.

	notify yes;			// send NOTIFY messages.  You can set
					// notify on a zone-by-zone
					// basis in the "zone" statement
					// see (below)
	recursion yes;
	rfc2308-type1	no;

# Obsolete
	use-id-pool yes;

# Obsolete
	treat-cr-as-space yes;

	also-notify { 10.0.2.3; };

	// The "forward" option is only meaningful if you've defined
	// forwarders.  "first" gives the normal BIND
	// forwarding behavior, i.e. ask the forwarders first, and if that
	// doesn't work then do the full lookup.  You can also say
	// "forward only;" which is what used to be specified with
	// "slave" or "options forward-only".  "only" will never attempt
	// a full lookup; only the forwarders will be used.
	forward first;
	forwarders {
		1.2.3.4;
		5.6.7.8;
	};

	check-names master fail;
	check-names slave warn;
	check-names response ignore;

	allow-query { any; };
	allow-transfer { any; };
	allow-recursion { !any; };
	blackhole { 45/24; };

	listen-on {
		10/24;
		10.0.0.3;
	};

	listen-on port 53 { any; };

	listen-on { 5.6.7.8; };

	listen-on port 1234 {
		!1.2.3.4;
		1.2.3/24;
	};

	listen-on-v6 {
		1:1:1:1:1:1:1:1;
	};

	listen-on-v6 port 777 {
		2:2:2:2:2:2:2:2;
	};

	query-source-v6 address 8:7:6:5:4:3:2:1 port *;
	query-source port * address 10.0.0.54  ;

	lame-ttl 444;

	max-transfer-time-in 300;
	max-transfer-time-out 10;
	max-transfer-idle-in 100;
	max-transfer-idle-out 11;

	max-retry-time 1234;
	min-retry-time 1111;
	max-refresh-time 888;
	min-refresh-time 777;
 
	max-ncache-ttl 333;
	min-roots 15;
	serial-queries 34;

	transfer-format one-answer;

	transfers-in 10;
	transfers-per-ns 2;
	transfers-out 0;

	transfer-source 10.0.0.5;
	transfer-source-v6 4:3:2:1:5:6:7:8;

	request-ixfr yes;
	provide-ixfr yes;

# Now called 'provide-ixfr'
#    maintain-ixfr-base no;   // If yes, keep transaction log file for IXFR

	max-ixfr-log-size 20m;
	coresize 100;
	datasize 101;
	files 230;
	max-cache-size 1m;
	stacksize 231;
	cleaning-interval 1000;
	heartbeat-interval 1001;
	interface-interval 1002;
	statistics-interval 1003;

	topology {
		10/8;

		!1.2.3/24;

		{ 1.2/16; 3/8; };


	};

	sortlist { 10/8; 11/8; };

	tkey-domain	"foo.com";
	tkey-dhkey	"xyz" 666 ;

	rrset-order {
		class IN type A name "foo" order random;
		order cyclic;
	};
};

/*
 * Control listeners, for "ndc".  Every nameserver needs at least one.
 */
controls {
	// 'inet' lines without a 'port' defaults to 'port 953'
	// 'keys' must be used and the list must have at least one entry
	inet * port 52 allow { any; } keys { "key2"; };
	unix "/var/run/ndc" perm 0600 owner 0 group 0;	// ignored by named.
	inet 10.0.0.1 allow { any; key foo; } keys { "key4";};
	inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; };
	inet 10.0.0.2 allow { none; };
};

zone "master.demo.zone" {
	type master;			// what used to be called "primary"
	database "somedb -option1 -option2 arg1 arg2 arg3";
	file "master.demo.zone";
	check-names fail;
	allow-update { none; };
	allow-update-forwarding { 10.0.0.5; !any; };
	allow-transfer { any; };
	allow-query { any; };
	sig-validity-interval 990;
	notify explicit;
	also-notify {  1.0.0.1; };	// don't notify any nameservers other
					// than those on the NS list for this
					// zone
	forward first;
	forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
};

zone "slave.demo.zone" {
	type slave;			// what used to be called "secondary"
	file "slave.demo.zone";
	ixfr-base  "slave.demo.zone.ixfr";  // File name for IXFR transaction log file
	masters {
		1.2.3.4 port 10 key "foo"; // where to zone transfer from
		5.6.7.8;
		6.7.8.9 key "zippo";
	};
	transfer-source 10.0.0.53;	// fixes multihoming problems
	check-names warn;
	allow-update { none; };
	allow-transfer { any; };
	allow-update-forwarding { any; };
	allow-query { any; };
	max-transfer-time-in 120;	// if not set, global option is used.
	max-transfer-time-out 1;	// if not set, global option is used.
	max-transfer-idle-in 2;	// if not set, global option is used.
	max-transfer-idle-out 3;	// if not set, global option is used.
	also-notify { 1.0.0.2; };
	forward only;
	forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
};

key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; };

view "test-view" in {
	key "viewkey" { algorithm "xxx" ; secret "eXl5" ; };
	also-notify { 10.2.2.3; };
	trusted-keys {
		foo.com. 4 3 2 "abdefghijklmnopqrstuvwxyz";
	};
	sig-validity-interval 45;
	max-cache-size 100000;
	allow-query { 10.0.0.30;};
	additional-from-cache false;
	additional-from-auth no;
	match-clients { 10.0.0.1 ; };
	check-names master warn;
	check-names slave ignore;
	check-names response fail;
	auth-nxdomain false;
	recursion true;
	provide-ixfr false;
	request-ixfr true;
	fetch-glue true;
	notify false;
	rfc2308-type1 false;
	transfer-source 10.0.0.55;
	transfer-source-v6 4:3:8:1:5:6:7:8;
	query-source port * address 10.0.0.54  ;
 	query-source-v6 address 6:6:6:6:6:6:6:6 port *;
	max-transfer-time-out 45;
	max-transfer-idle-out 55;
	cleaning-interval 100;
	min-roots 3;
	lame-ttl 477;
	max-ncache-ttl 333;
	max-cache-ttl 777;
	transfer-format many-answers;
	max-retry-time 7;
	min-retry-time 4;
	max-refresh-time 999;
	min-refresh-time 111;
 
	zone "view-zone.com" {
		type master;
		allow-update-forwarding { 10.0.0.34;};
		file "view-zone-master";
	};

	server 5.6.7.8 {
		keys "viewkey";
	};