options
Statement

    options {
        [ directory "path_name"; ]
        [ named-xfer "path_name"; ]
        [ dump-file "path_name"; ]
        [ memstatistics-file "path_name"; ]
        [ pid-file "path_name"; ]
        [ statistics-file "path_name"; ]
        [ auth-nxdomain yes_or_no; ]
        [ deallocate-on-exit yes_or_no; ]
        [ fake-iquery yes_or_no; ]
        [ fetch-glue yes_or_no; ]
        [ multiple-cnames yes_or_no; ]
        [ notify yes_or_no; ]
        [ recursion yes_or_no; ]
        [ forward ( only | first ); ]
        [ forwarders { [ in_addr ; [ in_addr ; ... ] ] }; ]
        [ check-names ( master | slave | response ) ( warn | fail | ignore ); ]
        [ allow-query { address_match_list }; ]
        [ allow-transfer { address_match_list }; ]
        [ listen-on [ port ip_port ] { address_match_list }; ]
        [ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ] ; ]
        [ max-transfer-time-in number; ]
        [ transfer-format ( one-answer | many-answers ); ]
        [ transfers-in number; ]
        [ transfers-out number; ]
        [ transfers-per-ns number; ]
        [ coresize size_spec ; ]
        [ datasize size_spec ; ]
        [ files size_spec ; ]
        [ stacksize size_spec ; ]
        [ cleaning-interval number; ]
        [ interface-interval number; ]
        [ statistics-interval number; ]
        [ topology { address_match_list }; ]
    };
The options statement sets up global options for BIND to use. This statement may appear only one time in a configuration file; if more than one occurrence is found, the first occurrence determines the actual options used, and a warning will be generated. If there is no options statement, an options block with each option set to its default will be used.
directory
(named.run) is this directory. If a directory is not specified, the working directory defaults to ".", the directory from which the server was started. The directory specified should be an absolute path.

named-xfer
named-xfer program that the server uses for inbound zone transfers. If not specified, the default is operating system dependent (for example, /usr/sbin/named-xfer).

dump-file
SIGINT signal. If not specified, the default is named_dump.db.

memstatistics-file
deallocate-on-exit is yes. If not specified, the default is named.memstats.

pid-file
/var/run/named.pid. You use the pid file if you want to send signals to the running named daemon.

statistics-file
SIGILL signal. If not specified, the default is named.stats.
auth-nxdomain
If yes, the AA bit is always set on NXDOMAIN responses, even if the server is not actually authoritative. The default is yes. Do not turn off auth-nxdomain unless you are sure you know what you are doing: some older software may be problematic.

deallocate-on-exit
If yes, when the server exits, it deallocates every object it allocated, and then writes a memory usage report to the memstatistics-file. The default is no, because it is faster to let the operating system clean up. The deallocate-on-exit option is useful for detecting memory leaks.

fake-iquery
If yes, the server will simulate the obsolete DNS query type IQUERY. The default is no.

fetch-glue
If yes (the default), the server will fetch "glue" resource records it does not have when constructing the additional data section of a response. You can use the fetch-glue no option in conjunction with the recursion no option to prevent the server's cache from growing or becoming corrupted (at the cost of requiring more work from the client).

multiple-cnames
If yes, multiple CNAME resource records will be allowed for a domain name. The default is no. Allowing multiple CNAME records is against standards and is not recommended. Multiple CNAME support is available because previous versions of BIND allowed multiple CNAME records, and these records have been used for load balancing by a number of sites.

notify
If yes (the default), DNS NOTIFY messages are sent when a zone the server is authoritative for changes. The use of NOTIFY speeds convergence between the master and its slaves. Slave servers that receive a NOTIFY message and understand it will contact the master server for the zone to see if they need to do a zone transfer; if they do, they will initiate it immediately. The notify option may also be specified in the zone statement, in which case it overrides the options notify statement.

recursion
If yes, and a DNS query requests recursion, the server will attempt to do all the work required to answer the query. If recursion is not on, the server will return a referral to the client if it does not know the answer. The default is yes. See also the fetch-glue option.
You can use the forwarding facility to create a large sitewide cache on a few servers, reducing traffic over links to external nameservers. You can also use it to allow queries by servers that do not have direct access to the Internet but wish to look up exterior names anyway. Forwarding occurs only on those queries for which the server is not authoritative and does not have the answer in its cache.
forward
forwarders list is not empty. A value of first, the default, causes the server to query the forwarders first, and if that does not answer the question the server will then look for the answer itself. If only is specified, the server queries only the forwarders.
forwarders
The server can check domain names based upon their expected client contexts. For example, a domain name used as a host name can be checked for compliance with the RFCs defining valid host names.
The following checking methods are available:
ignore
warn
fail
The server can check names in three areas: master zone files, slave zone files, and in responses to queries the server has initiated. If you specify check-names response fail, and answering the client's question would require sending an invalid name to the client, the server will send a REFUSED response code to the client.
The defaults are:
    check-names master ignore;
    check-names slave ignore;
    check-names response ignore;
You can also specify the check-names option in the zone statement, in which case it overrides the options check-names statement. When used in a zone statement, the area is not specified (because it can be deduced from the zone type).
Access Control
You can restrict access to the server based on the IP address of the requesting system. See address_match_list for details on how to specify IP address lists.
allow-query
allow-query option in the zone statement, in which case it overrides the options allow-query statement. If not specified, the default is to allow queries from all hosts.

allow-transfer
allow-transfer option in the zone statement, in which case it overrides the options allow-transfer statement. If not specified, the default is to allow transfers from all hosts.
The interfaces and ports that the server will answer queries from may be specified using the listen-on option. The listen-on option takes an optional port and an address_match_list. The server will listen on all interfaces allowed by the address match list. If a port is not specified, port 53 will be used.
Multiple listen-on phrases are allowed. For example:
    listen-on { 5.6.7.8; };
    listen-on port 1234 { !1.2.3.4; 1.2/16; };
If no listen-on phrase is specified, the server listens on port 53 on all interfaces.
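The access-control options above (allow-query, allow-transfer, listen-on) and recursion all default to the open setting when omitted. The following added example (not from the page or from BIND itself) parses an options statement, tracking brace depth so the semicolons inside an address_match_list do not end an option, and reports which of those options a constructed configuration has left at the permissive default; the two config fragments are constructed for illustration.

```python
# Constructed named.conf fragments: LOOSE relies on the defaults, STRICT sets each option.
LOOSE = """options {
    recursion yes;
};"""
STRICT = """options {
    directory "/var/named";
    recursion no;
    allow-query { 10/8; localhost; };
    allow-transfer { 10.0.0.2; 10.0.0.3; };
    listen-on { 10.0.0.1; };
    check-names response fail;
};"""

def parse_options(conf):
    """Map option name -> raw value for the first options statement in conf.
    Brace depth is tracked: ';' inside an address_match_list is not an option end."""
    opts, depth, cur = {}, 0, ""
    for ch in conf[conf.index("{", conf.index("options")) + 1:]:
        if ch == "{":
            depth += 1
        elif ch == "}":
            if depth == 0:            # closing brace of the options block itself
                break
            depth -= 1
        if ch == ";" and depth == 0:
            name, _, value = cur.strip().partition(" ")
            if name == "check-names":  # key by area: master, slave, response
                area, _, value = value.strip().partition(" ")
                name = f"check-names {area}"
            opts[name] = value.strip()
            cur = ""
        else:
            cur += ch
    return opts

def audit(conf):
    """List options left at the permissive default documented on this page."""
    o = parse_options(conf)
    findings = []
    if o.get("recursion", "yes") == "yes":
        findings.append("recursion: recursive lookups are done for any querier")
    defaults = {"allow-query": "queries from all hosts",
                "allow-transfer": "zone transfers to all hosts",
                "listen-on": "port 53 on all interfaces"}
    findings += [f"{k}: not set, default is {v}" for k, v in defaults.items() if k not in o]
    if o.get("check-names response", "ignore") == "ignore":
        findings.append("check-names response: invalid names are passed to clients")
    return findings
```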
Query Address
If the server does not know the answer to a question, it will query other nameservers. The query-source option specifies the address and port used for such queries. If address is * or is omitted, a wildcard IP address (INADDR_ANY) will be used. If port is * or is omitted, a random unprivileged port will be used. The default is:
    query-source address * port *;
Note: query-source currently applies only to UDP queries. TCP queries always use a wildcard IP address and a random unprivileged port.
Zone Transfers
max-transfer-time-in
(named-xfer processes) running longer than this many minutes will be terminated. The default is 120 minutes (2 hours).

transfer-format
one-answer
many-answers
You can override the transfer-format option on a per-server basis by using the server statement.

transfers-in
Increasing transfers-in may speed up the convergence of slave zones, but it also may increase the load on the local system.

transfers-out

transfers-per-ns
(named-xfer processes) that can be concurrently transferring from a given remote nameserver. The default value is 2. Increasing the transfers-per-ns option may speed up the convergence of slave zones, but it also may increase the load on the remote nameserver. You can override the transfers-per-ns option on a per-server basis by using the transfers option of the server statement.
The server's usage of many system resources can be limited. Some operating systems do not support some of the limits and a warning will be generated if an unsupported limit is set in the configuration file.
Scaled values are allowed when specifying resource limits. For example, you can use 1G instead of 1073741824 to specify a limit of one gigabyte. The unlimited option requests unlimited use, or the maximum available amount. The default option uses the limit that was in force when the server was started. See

coresize
default.

datasize
default.

files
unlimited.

stacksize
default.

cleaning-interval
cleaning-interval minutes. The default is 60 minutes. If set to 0, no periodic cleaning occurs.

interface-interval
interface-interval minutes. The default is 60 minutes. If set to 0, interface scanning occurs only when the configuration file is loaded. After the scan, listeners will be started on any new interfaces (provided they are allowed by the listen-on configuration). Listeners on interfaces that have gone away will be cleaned up.

statistics-interval
statistics-interval minutes. The default is 60. If set to 0, no statistics are logged.
Typically, when the server chooses a nameserver to query from a list of nameservers, it prefers the one that is topologically closest to itself. The topology statement takes an address_match_list and interprets it in a special way. Each top-level list element is assigned a distance. Nonnegated elements get a distance based on their position in the list, where the closer the match is to the start of the list, the shorter the distance is between it and the server. A negated match will be assigned the maximum distance from the server. If there is no match, the address will get a distance that is farther than any nonnegated list element, and closer than any negated element.
The following example prefers servers on network 10 the most, followed by hosts on network 1.2.0.0 (netmask 255.255.0.0), and network 3, with the exception of hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least of all:
    topology { 10/8; !1.2.3/24; { 1.2/16; 3/8; }; };
The default topology is:
    topology { localhost; localnets; };
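The distance rules above, worked through on the page's own example topology, as an added illustration that is not BIND's code: the topology is given as a Python list (a nested list stands for the braced sub-list, and its members are assumed to be non-negated), abbreviated prefixes such as 10/8 are expanded, and the first matching top-level element decides the distance.

```python
import ipaddress

# Constructed from the page's example: network 10 preferred most, then the
# nested list { 1.2/16; 3/8; }, and the negated 1.2.3/24 least of all.
TOPOLOGY = ["10/8", "!1.2.3/24", ["1.2/16", "3/8"]]

def _network(elem):
    """Expand BIND 8 abbreviated prefixes such as 10/8 or 1.2/16 (host if no '/')."""
    net, _, bits = elem.partition("/")
    octets = net.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{bits or 32}", strict=False)

def _matches(elem, addr):
    # A nested list matches when any member matches (members assumed non-negated).
    if isinstance(elem, list):
        return any(_matches(e, addr) for e in elem)
    return addr in _network(elem.lstrip("!"))

def topology_distance(topology, address):
    """Distance of address from the server: the first matching top-level element
    wins; a nonnegated element yields its list position, a negated match the
    maximum distance, and no match a distance farther than any nonnegated
    element but closer than any negated one."""
    addr = ipaddress.ip_address(address)
    n = len(topology)
    for position, elem in enumerate(topology):
        if _matches(elem, addr):
            negated = isinstance(elem, str) and elem.startswith("!")
            return n + 1 if negated else position
    return n

def prefer(topology, candidates):
    """Order candidate nameserver addresses from closest to farthest."""
    return sorted(candidates, key=lambda a: topology_distance(topology, a))

if __name__ == "__main__":
    for ip in ("10.1.2.3", "1.2.9.9", "3.4.5.6", "9.9.9.9", "1.2.3.4"):
        print(ip, topology_distance(TOPOLOGY, ip))
```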