📄 named.conf
字号:
server 10.9.8.7 { keys "non-viewkey"; }; dialup yes;};zone "stub.demo.zone" { type stub; // stub zones are like slave zones, // except that only the NS records // are transferred. dialup yes; file "stub.demo.zone"; masters { 1.2.3.4 ; // where to zone transfer from 5.6.7.8 port 999; }; check-names warn; allow-update { none; }; allow-transfer { any; }; allow-query { any; }; max-retry-time 10; min-retry-time 11; max-refresh-time 12; min-refresh-time 13; max-transfer-time-in 120; // if not set, global option is used. pubkey 257 255 1 "a useless key"; pubkey 257 255 1 "another useless key";};zone "." { type hint; // used to be specified w/ "cache" file "cache.db";// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";};trusted-keys { "." 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";};acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0 // is disallowed; rest are OKacl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed // by can_query are OKzone "disabled-zone.com" { type master; file "bar"; max-retry-time 100; min-retry-time 110; max-refresh-time 120; min-refresh-time 130;};zone "non-default-acl.demo.zone" { type master; file "foo"; allow-query { can_query; }; allow-transfer { can_axfr; }; allow-update { 1.2.3.4; 5.6.7.8; }; pubkey 666 665 664 "key of the beast"; // Errors trapped by parser: // identity or name not absolute // 'wildcard' match type and no wildcard character in name // // issues: // - certain rdatatype values (such as "key") are config file keywords and // must be quoted or a syntax error will occur. // update-policy { grant root.domain. subdomain host.domain. A MX CNAME; grant sub.root.domain. wildcard *.host.domain. A; grant root.domain. name host.domain. a ns md mf cname soa mb mg mr "null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx cert a6 dname opt unspec tkey tsig ; grant foo.bar.com. self foo.bar.com. a; };};key sample_key { // for TSIG; supported by parser algorithm hmac-md5; // but not yet implemented in the secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server};key key2 { algorithm hmac-md5; secret "ZXJlaCB0ZXJjZXMgcm91eQ==";};acl key_acl { key sample_key; }; // a request signed with sample_keyserver 1.2.3.4 { request-ixfr no; provide-ixfr no; bogus no; // if yes, we won't query or listen // to this server transfer-format one-answer; // set transfer format for this // server (see the description of // 'transfer-format' above) // if not specified, the global option // will be used transfers 0; // not implemented keys { "sample_key" }; // for TSIG; supported by the parser // but not yet implemented in the // rest of the server# Now called 'request-ixfr'# support-ixfr yes; // for IXFR supported by server // if yes, the listed server talks IXFR};logging { /* * All log output goes to one or more "channels"; you can make as * many of them as you want. */ channel syslog_errors { // this channel will send errors or syslog user; // or worse to syslog (user facility) severity error; }; channel stderr_errors { stderr; }; /* * Channels have a severity level. Messages at severity levels * greater than or equal to the channel's level will be logged on * the channel. In order of decreasing severity, the levels are: * * critical a fatal error * error * warning * notice a normal, but significant event * info an informational message * debug 1 the least detailed debugging info * ... * debug 99 the most detailed debugging info */ /* * Here are the built-in channels: * * channel default_syslog { * syslog daemon; * severity info; * }; * * channel default_debug { * file "named.run"; // note: stderr is used instead * // of "named.run" if the server * // is started with the "-f" * // option. * severity dynamic; // this means log debugging * // at whatever debugging level * // the server is at, and don't * // log anything if not * // debugging. * }; * * channel null { // this is the bit bucket; * file "/dev/null"; // any logging to this channel * // is discarded. * }; * * channel default_stderr { // writes to stderr * file "<stderr>"; // this is illustrative only; * // there's currently no way * // of saying "stderr" in the * // configuration language. * // i.e. don't try this at home. * severity info; * }; * * default_stderr only works before the server daemonizes (i.e. * during initial startup) or when it is running in foreground * mode (-f command line option). */ /* * There are many categories, so you can send the logs * you want to see wherever you want, without seeing logs you * don't want. Right now the categories are * * default the catch-all. many things still * aren't classified into categories, and * they all end up here. also, if you * don't specify any channels for a * category, the default category is used * instead. * config high-level configuration file * processing * parser low-level configuration file processing * queries what used to be called "query logging" * lame-servers messages like "Lame server on ..." * statistics * panic if the server has to shut itself * down due to an internal problem, it * logs the problem here (as well as * in the problem's native category) * update dynamic update * ncache negative caching * xfer-in zone transfers we're receiving * xfer-out zone transfers we're sending * db all database operations * eventlib debugging info from the event system * (see below) * packet dumps of packets received and sent * (see below) * notify the NOTIFY protocol * cname messages like "XX points to a CNAME" * security approved/unapproved requests * os operating system problems * insist consistency check failures * maintenance periodic maintenance * load zone loading * response-checks messages like * "Malformed response ..." * "wrong ans. name ..." * "unrelated additional info ..." * "invalid RR type ..." * "bad referral ..." */ category parser { syslog_errors; // you can log to as many channels default_syslog; // as you want }; category lame-servers { null; }; // don't log these at all channel moderate_debug { file "foo"; // foo severity debug 3; // level 3 debugging to file print-time yes; // timestamp log entries print-category yes; // print category name print-severity yes; // print severity level /* * Note that debugging must have been turned on either * on the command line or with a signal to get debugging * output (non-debugging output will still be written to * this channel). */ }; channel another { file "bar" versions 99 size 10M; severity info; }; channel third { file "bar" size 100000 versions unlimited; severity debug; // use default debug level }; /* * If you don't want to see "zone XXXX loaded" messages but do * want to see any problems, you could do the following. */ channel no_info_messages { syslog; severity notice; }; category load { no_info_messages; }; /* * You can also define category "default"; it gets used when no * "category" statement has been given for a category. */ category default { default_syslog; moderate_debug; }; /* * If you don't define category default yourself, the default * default category will be used. It is * * category default { default_syslog; default_debug; }; */ /* * If you don't define category panic yourself, the default * panic category will be used. It is * * category panic { default_syslog; default_stderr; }; */ /* * Two categories, 'packet' and 'eventlib', are special. Only one * channel may be assigned to each of them, and it must be a * file channel. If you don't define them yourself, they default to * * category eventlib { default_debug; }; * * category packet { default_debug; }; */};#include "filename"; // can't do within a statement⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -