Diffstat (limited to 'contrib/bind/doc/html/options.html')
-rw-r--r-- contrib/bind/doc/html/options.html 864
1 files changed, 0 insertions, 864 deletions
diff --git a/contrib/bind/doc/html/options.html b/contrib/bind/doc/html/options.html
deleted file mode 100644
index 9e3c0da..0000000
--- a/contrib/bind/doc/html/options.html
+++ /dev/null
@@ -1,864 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND options Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide -- <CODE>options</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-options {
- [ hostname <VAR>hostname_string</VAR>; ]
- [ version <VAR>version_string</VAR>; ]
- [ directory <VAR>path_name</VAR>; ]
- [ named-xfer <VAR>path_name</VAR>; ]
- [ dump-file <VAR>path_name</VAR>; ]
- [ memstatistics-file <VAR>path_name</VAR>; ]
- [ pid-file <VAR>path_name</VAR>; ]
- [ statistics-file <VAR>path_name</VAR>; ]
- [ auth-nxdomain <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ deallocate-on-exit <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ fake-iquery <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ fetch-glue <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ has-old-clients <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ host-statistics <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ host-statistics-max <VAR>number</VAR>; ]
- [ multiple-cnames <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ notify ( <VAR><A HREF="docdef.html">yes_or_no</A></VAR> | explicit ) <; ]
- [ suppress-initial-notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ recursion <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ rfc2308-type1 <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ use-id-pool <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ treat-cr-as-space <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ... ] }; ]
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; ... ] ] }; ]
- [ check-names ( master | slave | response ) ( warn | fail | ignore); ]
- [ allow-query { <VAR>address_match_list</VAR> }; ]
- [ allow-transfer { <VAR>address_match_list</VAR> }; ]
- [ allow-recursion { <VAR>address_match_list</VAR> }; ]
- [ blackhole { <VAR>address_match_list</VAR> }; ]
- [ listen-on [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR>address_match_list</VAR> }; ]
- [ query-source [ address ( <VAR><A HREF="docdef.html">ip_addr</A></VAR> | * ) ] [ port ( <VAR><A HREF="docdef.html">ip_port</A></VAR> | * ) ] ; ]
- [ lame-ttl <VAR>number</VAR>; ]
- [ max-transfer-time-in <VAR>number</VAR>; ]
- [ max-ncache-ttl <VAR>number</VAR>; ]
- [ min-roots <VAR>number</VAR>; ]
- [ serial-queries <VAR>number</VAR>; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ transfers-in <VAR>number</VAR>; ]
- [ transfers-out <VAR>number</VAR>; ]
- [ transfers-per-ns <VAR>number</VAR>; ]
- [ transfer-source <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ]
- [ maintain-ixfr-base <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ max-ixfr-log-size <VAR>number</VAR>; ]
- [ coresize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ datasize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ files <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ stacksize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ cleaning-interval <VAR>number</VAR>; ]
- [ heartbeat-interval <VAR>number</VAR>; ]
- [ interface-interval <VAR>number</VAR>; ]
- [ statistics-interval <VAR>number</VAR>; ]
- [ <A HREF="#topology">topology</A> { <VAR>address_match_list</VAR> }; ]
- [ <A HREF="#sortlist">sortlist</A> { <VAR>address_match_list</VAR> }; ]
- [ rrset-order { <VAR>order_spec</VAR> ; [ <VAR>order_spec</VAR> ; ... ] }; ]
- [ preferred-glue ( A | AAAA ); ]
- [ edns-udp-size <VAR>number</VAR>; ]
-};
-</PRE>
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The options statement sets up global options to be used by
-BIND. This statement may appear at only once in a
-configuration file; if more than one occurrence is found, the
-first occurrence determines the actual options used,
-and a warning will be generated. If there is no options statement,
-an options block with each option set to its default will be used.</P>
-
-<H4>Server Information</H4>
-
-<DL>
-<DT><CODE>hostname</CODE>
-<DD>
-This defaults to the hostname of the machine hosting the nameserver
-as found by gethostname().
-Its prime purpose is to be able to identify which of a number of anycast
-servers is actually answering your queries by sending a <I>txt</I>
-query for <CODE>hostname.bind</CODE> in class <I>chaos</I> to the anycast
-server and getting back a unique name.
-Setting the hostname to a empty string ("") will disable processing of
-the queries.
-
-<DT><CODE>version</CODE>
-<DD>
-The version the server should report via the <VAR>ndc</VAR> command
-or via a query of name <CODE>version.bind</CODE> in class <I>chaos</I>.
-The default is the real version number of the server, but some server
-operators prefer the string <CODE>"surely you must be joking"</CODE>.
-Changing the value of this string will not prevent people from identifying
-what version you are running.
-</DL>
-
-<H4>Pathnames</H4>
-
-<DL>
-<DT><CODE>directory</CODE>
-<DD>
-The working directory of the server. Any non-absolute
-pathnames in the configuration file will be taken as relative to this
-directory. The default location for most server output files
-(e.g. "named.run") is this directory. If a directory is not
-specified, the working directory defaults to ".", the directory from which the
-server was started. The directory specified should be an absolute path.
-
-<DT><CODE>named-xfer</CODE>
-<DD>
-The pathname to the named-xfer program that the server uses for
-inbound zone transfers. If not specified, the default is
-system dependent (e.g. "/usr/sbin/named-xfer").
-
-<DT><CODE>dump-file</CODE>
-<DD>
-The pathname of the file the server dumps the database to when it
-receives <CODE>SIGINT</CODE> signal (<CODE>ndc dumpdb</CODE>). If not
-specified, the default is "named_dump.db".
-
-<DT><CODE>memstatistics-file</CODE>
-<DD>
-The pathname of the file the server writes memory usage statistics to, on exit,
-if <CODE>deallocate-on-exit</CODE> is <CODE>yes</CODE>. If not
-specified, the default is "named.memstats".
-
-<DT><CODE>pid-file</CODE>
-<DD>
-The pathname of the file the server writes its process ID in. If not
-specified, the default is operating system dependent, but is usually
-"/var/run/named.pid" or "/etc/named.pid". The pid-file is used by
-programs like "ndc" that want to send signals to the running
-nameserver.
-
-<DT><CODE>statistics-file</CODE>
-<DD>
-The pathname of the file the server appends statistics to when it
-receives <CODE>SIGILL</CODE> signal (<CODE>ndc stats</CODE>). If not
-specified, the default is "named.stats".
-</DL>
-
-<A name="BooleanOptions"><H4>Boolean Options</H4></A>
-
-<DL>
-<DT><CODE>auth-nxdomain</CODE>
-<DD>
-If <CODE>yes</CODE>, the <CODE>AA</CODE> bit is always set on
-NXDOMAIN responses, even if the server is not actually authoritative.
-The default is <CODE>no</CODE>. Turning <CODE>auth-nxdomain</CODE> will
-allow older clients that require <CODE>AA</CODE> to be set to accept
-NXDOMAIN responses to work.
-
-<DT><CODE>deallocate-on-exit</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will painstakingly deallocate every object it
-it allocated, when it exits, and then write a memory usage report to
-the <CODE>memstatistics-file</CODE>. The default is <CODE>no</CODE>, because
-it is faster to let the operating system clean up.
-<CODE>deallocate-on-exit</CODE> is handy for detecting memory leaks.
-
-<DT><CODE>dialup</CODE>
-<DD>
-If <CODE>yes</CODE>, the server treats all zones as if they are
-doing zone transfers across a dial on demand dialup link, which can
-be brought up by traffic originating from this server. This has
-different effects according to zone type and concentrates the zone
-maintenance so that it all happens in a short interval, once every
-<CODE>heartbeat-interval</CODE> and hopefully during the one call.
-It also suppresses some of the normal zone maintainance traffic.
-The default is <CODE>no</CODE>. The <CODE>dialup</CODE>
-option may also be specified in the <CODE>zone</CODE> statement, in which
-case it overrides the <CODE>options dialup</CODE> statement.
-
-<P>
-If the zone is a <CODE>master</CODE> zone, the server will send out
-NOTIFY request to all the slaves. This will trigger the "zone up to
-date checking" in the slave (providing it supports NOTIFY), allowing
-the <CODE>slave</CODE> to verify the zone while the call us up.
-
-<P>
-If the zone is a <CODE>slave</CODE> or <CODE>stub</CODE> zone, the server
-will suppress the regular "zone up to date" queries and only perform
-them when the <CODE>heartbeat-interval</CODE> expires.
-
-<DT><CODE>fake-iquery</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will simulate the obsolete DNS query type
-IQUERY. The default is <CODE>no</CODE>.
-
-<DT><CODE>fetch-glue</CODE>
-<DD>
-If <CODE>yes</CODE> (the default), the server will fetch "glue" resource
-records it doesn't have when constructing the additional data section of
-a response. <CODE>fetch-glue no</CODE> can be used in conjunction with
-<CODE>recursion no</CODE> to prevent the server's cache from growing or
-becoming corrupted (at the cost of requiring more work from the client).
-
-<DT><CODE>has-old-clients</CODE>
-<DD>
-Setting the option to <CODE>yes</CODE> is equivalent to setting the following
-options: <CODE>auth-nxdomain yes;</CODE> and <CODE>rfc2308-type1 no;</CODE>.
-The use of <CODE>has-old-clients</CODE> with <CODE>auth-nxdomain</CODE>
-and <CODE>rfc2308-type1</CODE> is order dependent.
-
-<DT><CODE>host-statistics</CODE>
-<DD>
-If <CODE>yes</CODE>, statistics are kept for every host that the
-the nameserver interacts with. The default is <CODE>no</CODE>. <I>Note:</I>
-turning on <CODE>host-statistics</CODE> can consume huge amounts of memory.
-
-<DT><CODE>host-statistics-max</CODE>
-<DD>
-The maximum number of host records that will be kept. When this limit is
-reached no new hosts will be added to the host statistics. If the set
-to zero then there is no limit set. The default value is zero.
-
-<DT><CODE>maintain-ixfr-base</CODE>
-<DD>
-If <CODE>yes</CODE>, a transaction log is kept for
-Incremental Zone Transfer. The default is <CODE>no</CODE>.
-
-<DT><CODE>multiple-cnames</CODE>
-<DD>
-If <CODE>yes</CODE>, multiple CNAME resource records will be
-allowed for a domain name. The default is <CODE>no</CODE>. Allowing
-multiple CNAME records is against standards and is not recommended.
-Multiple CNAME support is available because previous versions of BIND
-allowed multiple CNAME records, and these records have been used for load
-balancing by a number of sites.
-
-<DT><CODE>notify</CODE>
-<DD>
-If <CODE>yes</CODE> (the default), DNS NOTIFY messages are sent when a
-zone the server is authoritative for changes. The use of NOTIFY
-speeds convergence between the master and its slaves. Slave servers
-that receive a NOTIFY message, and understand it, will contact the
-master server for the zone to see if they need to do a zone transfer. If
-they do, they will initiate it immediately. If <CODE>explicit</CODE>,
-the NOTIFY messages will only be sent to the addresses in the
-<CODE>also-notify</CODE> list. The <CODE>notify</CODE>
-option may also be specified in the <CODE>zone</CODE> statement, in which
-case it overrides the <CODE>options notify</CODE> statement.
-
-<DT><CODE>suppress-initial-notify</CODE>
-<DD>
-If <CODE>yes</CODE>, suppress the initial notify messages when the server
-first loads. The default is <CODE>no</CODE>.
-
-<DT><CODE>recursion</CODE>
-<DD>
-If <CODE>yes</CODE>, and a DNS query requests recursion, the
-server will attempt to do all the work required to answer the query.
-If recursion is not on, the server will return a referral to the
-client if it doesn't know the answer. The default is <CODE>yes</CODE>.
-See also <CODE>fetch-glue</CODE> above.
-
-<DT><CODE>rfc2308-type1</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will send NS records along with the SOA
-record for negative answers from the cache.
-You need to set this to <CODE>no</CODE> if you have an old BIND
-server using you as a forwarder that does not understand negative answers
-which contain both SOA and NS records or you have an old version of sendmail.
-The correct fix is to upgrade the broken server or sendmail.
-The default is <CODE>no</CODE>.
-
-<DT><CODE>use-id-pool</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will keep track of its own outstanding
-query ID's to avoid duplication and increase randomness. This will result
-in 128KB more memory being consumed by the server.
-The default is <CODE>no</CODE>.
-
-<DT><CODE>treat-cr-as-space</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will treat '\r' characters the same way it
-treats a ' ' or '\t'. This may be necessary when loading zone files on a
-UNIX system that were generated on an NT or DOS machine. The default is <CODE>no</CODE>.
-
-</DL>
-
-<A NAME="Also-notify"><H4>Also-Notify</H4></A>
-
-<DT><CODE>also-notify</CODE>
-<P>
-Defines a global list of IP addresses that also get sent NOTIFY messages
-whenever a fresh copy of the zone is loaded. This helps to ensure that
-copies of the zones will quickly converge on ``stealth'' servers.
-If an <CODE>also-notify</CODE> list is given in a <CODE>zone</CODE>
-statement, it will override the <CODE>options also-notify</CODE> statement.
-When a <CODE>zone notify</CODE> statement is set to <CODE>no</CODE>,
-the IP addresses in the global <CODE>also-notify</CODE> list will not get
-sent NOTIFY messages for that zone.
-The default is the empty list (no global notification list).
-
-<A NAME="Forwarding"><H4>Forwarding</H4></A>
-
-<P>The forwarding facility can be used to create a large site-wide
-cache on a few servers, reducing traffic over links to external
-nameservers. It can also be used to allow queries by servers that do
-not have direct access to the Internet, but wish to look up exterior
-names anyway. Forwarding occurs only on those queries for which the
-server is not authoritative and does not have the answer in its cache.
-
-<DL>
-<DT><CODE>forward</CODE>
-<DD>
-This option is only meaningful if the <CODE>forwarders</CODE> list is
-not empty. A value of <CODE>first</CODE>, the default, causes the
-server to query the forwarders first, and if that doesn't answer the
-question the server will then look for the answer itself. If
-<CODE>only</CODE> is specified, the server will only query the
-forwarders.
-
-<DT><CODE>forwarders</CODE>
-<DD>
-Specifies the IP addresses to be used for forwarding. The default is the
-empty list (no forwarding).
-</DL>
-
-<P>Forwarding can also be configured on a per-zone basis, allowing for
-the global forwarding options to be overridden in a variety of ways.
-You can set particular zones to use different forwarders, or have
-different <CODE>forward only/first</CODE> behavior, or to not forward
-at all. See the <A HREF="zone.html"><CODE>zone</CODE></A> statement
-for more information.
-
-<P>Future versions of BIND 8 will provide a more powerful forwarding
-system. The syntax described above will continue to be supported.
-
-<a name="NameChecking"><H4>Name Checking</H4></a>
-
-<P>The server can check domain names based upon their expected client contexts.
-For example, a domain name used as a hostname can be checked for compliance
-with the RFCs defining valid hostnames.
-
-<P>Three checking methods are available:
-
-<DL>
-<DT><CODE>ignore</CODE>
-<DD>
-No checking is done.
-
-<DT><CODE>warn</CODE>
-<DD>
-Names are checked against their expected client contexts. Invalid names are
-logged, but processing continues normally.
-
-<DT><CODE>fail</CODE>
-<DD>
-Names are checked against their expected client contexts. Invalid names are
-logged, and the offending data is rejected.
-</DL>
-
-<P>The server can check names three areas: master zone files, slave
-zone files, and in responses to queries the server has initiated. If
-<CODE>check-names response fail</CODE> has been specified, and
-answering the client's question would require sending an invalid name
-to the client, the server will send a REFUSED response code to the
-client.
-
-<P>The defaults are:
-
-<PRE>
- check-names master fail;
- check-names slave warn;
- check-names response ignore;
-</PRE>
-
-<P><CODE>check-names</CODE> may also be specified in the
-<A HREF="zone.html"><CODE>zone</CODE></A>
-statement, in which case it overrides the <CODE>options check-names</CODE>
-statement. When used in a <CODE>zone</CODE> statement, the area is not
-specified (because it can be deduced from the zone type).
-
-<A name="AccessControl"><H4>Access Control</H4></A>
-
-<P>Access to the server can be restricted based on the IP address of the
-requesting system. See
-<VAR><A HREF="address_list.html">address_match_list</A></VAR> for details
-on how to specify IP address lists.
-
-<DL>
-<DT><CODE>allow-query</CODE>
-<DD>
-Specifies which hosts are allowed to ask ordinary questions.
-<CODE>allow-query</CODE> may also be specified in the
-<CODE>zone</CODE> statement, in which case it overrides the
-<CODE>options allow-query</CODE> statement. If not specified, the default is
-to allow queries from all hosts.
-
-<DT><CODE>allow-transfer</CODE>
-<DD>
-Specifies which hosts are allowed to receive zone transfers from the
-server. <CODE>allow-transfer</CODE> may also be specified in the
-<CODE>zone</CODE> statement, in which case it overrides the
-<CODE>options allow-transfer</CODE> statement. If not specified, the default
-is to allow transfers from all hosts.
-
-<DT><CODE>allow-recursion</CODE>
-<DD>
-Specifies which hosts are allowed to make recursive queries through this
-server. If not specified, the default is to allow recursive queries from
-all hosts.
-
-<DT><CODE>blackhole</CODE>
-<DD>
-Specifies a list of addresses that the server will not accept queries from
-or use to resolve a query. Queries from these addresses will not be
-responded to.
-</DL>
-
-<H4>Interfaces</H4>
-
-<P>The interfaces and ports that the server will answer queries from may
-be specified using the <CODE>listen-on</CODE> option. <CODE>listen-on</CODE>
-takes an optional port, and an
-<VAR><A HREF="address_list.html">address_match_list</A></VAR>. The server will
-listen on all interfaces allowed by the address match list. If a port is
-not specified, port 53 will be used.
-
-<P>Multiple <CODE>listen-on</CODE> statements are allowed. For example,
-
-<PRE>
- listen-on { 5.6.7.8; };
- listen-on port 1234 { !1.2.3.4; 1.2/16; };
-</PRE>
-
-will enable the nameserver on port 53 for the IP address 5.6.7.8, and
-on port 1234 of an address on the machine in net 1.2 that is not
-1.2.3.4.
-
-<P>If no <CODE>listen-on</CODE> is specified, the server will listen on port
-53 on all interfaces.
-
-<H4>Query Address</H4>
-
-<P>If the server doesn't know the answer to a question, it will query
-other nameservers. <CODE>query-source</CODE> specifies the address
-and port used for such queries. If <CODE>address</CODE> is
-<CODE>*</CODE> or is omitted, a wildcard IP address
-(<CODE>INADDR_ANY</CODE>) will be used. If <CODE>port</CODE> is
-<CODE>*</CODE> or is omitted, a random unprivileged port will be used.
-The default is
-
-<PRE>
- query-source address * port *;
-</PRE>
-
-<P>Note: <CODE>query-source port</CODE> applies only to UDP queries,
-TCP queries always use a random unprivileged port.
-
-<A name="ZoneTransfers"><H4>Zone Transfers</H4></A>
-
-<DL>
-<DT><CODE>max-transfer-time-in</CODE>
-<DD>
-Inbound zone transfers (<CODE>named-xfer</CODE> processes) running
-longer than this many minutes will be terminated. The default is 120
-minutes (2 hours).
-
-<DT><CODE>transfer-format</CODE>
-<DD>
-The server supports two zone transfer methods.
-<CODE>one-answer</CODE> uses one DNS message per resource record
-transferred. <CODE>many-answers</CODE> packs as many resource records
-as possible into a message. <CODE>many-answers</CODE> is more
-efficient, but is only known to be understood by BIND 8.1+ and patched
-versions of BIND 4.9.5. The default is <CODE>one-answer</CODE>.
-<CODE>transfer-format</CODE> may be
-overridden on a per-server basis by using the <CODE>server</CODE> statement.
-
-<DT><CODE>transfers-in</CODE>
-<DD>
-The maximum number of inbound zone transfers that can be running
-concurrently. The default value is 10. Increasing
-<CODE>transfers-in</CODE> may speed up the convergence of slave zones,
-but it also may increase the load on the local system.
-
-<DT><CODE>transfers-out</CODE>
-<DD>
-This option will be used in the future to limit the number of
-concurrent outbound zone transfers. It is checked for syntax, but is
-otherwise ignored.
-
-<DT><CODE>transfers-per-ns</CODE>
-<DD>
-The maximum number of inbound zone transfers (<CODE>named-xfer</CODE>
-processes) that can be concurrently transferring from a given remote
-nameserver. The default value is 2. Increasing
-<CODE>transfers-per-ns</CODE> may speed up the convergence of slave
-zones, but it also may increase the load on the remote nameserver.
-<CODE>transfers-per-ns</CODE> may be overridden on a per-server basis
-by using the <CODE>transfers</CODE> phrase of the <CODE>server</CODE>
-statement.
-
-<DT><CODE>transfer-source</CODE>
-<DD>
-<CODE>transfer-source</CODE> determines which local address will be bound
-to the TCP connection used to fetch all zones transferred inbound by the
-server. If not set, it defaults to a system controlled value which will
-usually be the address of the interface ``closest to'' the remote end.
-This address must appear in the remote end's <CODE>allow-transfer</CODE>
-option for the zone being transferred, if one is specified. This statement
-sets the <CODE>transfer-source</CODE> for all zones, but can be overridden
-on a per-zone basis by including a <CODE>transfer-source</CODE> statement
-within the zone block in the configuration file.
-
-<DT><CODE>serial-queries</CODE>
-<DD>
-Slave servers will periodically query master servers to find out if zone
-serial numbers have changed. Each such query uses a minute amount of the
-slave server's network bandwidth, but more importantly each query uses a
-small amount of <I>memory</I> in the slave server while waiting for the
-master server to respond. The <CODE>serial-queries</CODE> option sets the
-maximum number of concurrent serial-number queries allowed to be outstanding
-at any given time. The default is four (4).
-<B>Note:</B>
-If a server loads a large (tens or hundreds of thousands) number of slave
-zones, this limit should be raised to the high hundreds or low
-thousands -- otherwise the slave server may never actually become aware of
-zone changes in the master servers. Beware, though, that setting this limit
-arbitrarily high can spend a considerable amount of your slave server's
-network, CPU, and memory resources. As with all tunable limits, this one
-should be changed gently and monitored for its effects.
-</DL>
-
-<H4>Resource Limits</H4>
-
-<P>The server's usage of many system resources can be limited. Some
-operating systems don't support some of the limits. On such systems,
-a warning will be issued if the unsupported limit is used. Some
-operating systems don't support limiting resources, and on these systems
-a <CODE>cannot set resource limits on this system</CODE> message will
-be logged.
-
-<P>Scaled values are allowed when specifying resource limits. For
-example, <CODE>1G</CODE> can be used instead of
-<CODE>1073741824</CODE> to specify a limit of one gigabyte.
-<CODE>unlimited</CODE> requests unlimited use, or the maximum
-available amount. <CODE>default</CODE> uses the limit that was in
-force when the server was started. See
-<VAR><A HREF="docdef.html">size_spec</A></VAR> for more details.
-
-<DL>
-<DT><CODE>coresize</CODE>
-<DD>
-The maximum size of a core dump. The default is <CODE>default</CODE>.
-
-<DT><CODE>datasize</CODE>
-<DD>
-The maximum amount of data memory the server may use. The default is
-<CODE>default</CODE>.
-
-<DT><CODE>files</CODE>
-<DD>
-The maximum number of files the server may have open concurrently.
-The default is <CODE>unlimited</CODE>. <I>Note:</I> on some operating
-systems the server cannot set an unlimited value and cannot determine
-the maximum number of open files the kernel can support. On such
-systems, choosing <CODE>unlimited</CODE> will cause the server to use
-the larger of the <CODE>rlim_max</CODE> for <CODE>RLIMIT_NOFILE</CODE>
-and the value returned by <CODE>sysconf(_SC_OPEN_MAX)</CODE>. If the
-actual kernel limit is larger than this value, use <CODE>limit
-files</CODE> to specify the limit explicitly.
-
-<DT><CODE>max-ixfr-log-size</CODE>
-<DD>
-Limit the size of the transaction log kept for Incremental Zone Transfer.
-Default 0 (unlimited).
-
-<DT><CODE>stacksize</CODE>
-<DD>
-The maximum amount of stack memory the server may use. The default is
-<CODE>default</CODE>.
-</DL>
-
-<H4>Periodic Task Intervals</H4>
-
-<DL>
-<DT><CODE>cleaning-interval</CODE>
-<DD>
-The server will remove expired resource records from the cache every
-<CODE>cleaning-interval</CODE> minutes. The default is 60 minutes. If set
-to 0, no periodic cleaning will occur.
-
-<DT><CODE>heartbeat-interval</CODE>
-<DD>
-The server will perform zone maintenance tasks for all zones marked
-<CODE>dialup yes</CODE> whenever this interval expires.
-The default is 60 minutes. Reasonable values are up to 1 day (1440 minutes).
-If set to 0, no zone maintenance for these zones will occur.
-<DT><CODE>interface-interval</CODE>
-<DD>
-The server will scan the network interface list every
-<CODE>interface-interval</CODE> minutes. The default is 60 minutes.
-If set to 0, interface scanning will only occur when the configuration
-file is loaded. After the scan, listeners will be started on any new
-interfaces (provided they are allowed by the <CODE>listen-on</CODE>
-configuration). Listeners on interfaces that have gone away will be
-cleaned up.
-
-<DT><CODE>statistics-interval</CODE>
-<DD>
-Nameserver statistics will be logged every <CODE>statistics-interval</CODE>
-minutes. The default is 60. If set to 0, no statistics will be logged.
-</DL>
-
-<H4><A NAME="topology">Topology</A></H4>
-
-<P>All other things being equal, when the server chooses a nameserver
-to query from a list of nameservers, it prefers the one that is
-topologically closest to itself. The <CODE>topology</CODE> statement
-takes an <VAR><A HREF="address_list.html">address_match_list</A></VAR>
-and interprets it in a special way. Each top-level list element is
-assigned a distance. Non-negated elements get a distance based on
-their position in the list, where the closer the match is to the start
-of the list, the shorter the distance is between it and the server. A
-negated match will be assigned the maximum distance from the server.
-If there is no match, the address will get a distance which is further
-than any non-negated list element, and closer than any negated
-element. For example,
-
-<PRE>
- topology {
- 10/8;
- !1.2.3/24;
- { 1.2/16; 3/8; };
- };
-</PRE>
-
-<P>will prefer servers on network 10 the most, followed by hosts on
-network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception
-of hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least
-of all.
-
-<P>The default topology is
-
-<PRE>
- topology { localhost; localnets; };
-</PRE>
-
-<H4><A NAME="sortlist">Resource Record sorting</A></H4>
-
-<P>
-When returning multiple RRs,
-the nameserver will normally return them in
-<B>Round Robin</B>,
-i.e. after each request, the first RR is put to the end of the list.
-As the order of RRs is not defined, this should not cause any problems.
-</P>
-<P>
-The client resolver code should re-arrange the RRs as appropriate,
-i.e. using any addresses on the local net in preference to other addresses.
-However, not all resolvers can do this, or are not correctly configured.
-</P>
-<P>
-When a client is using a local server, the sorting can be performed in the
-server, based on the client's address.
-This only requires configuring the nameservers, not all the clients.
-</P>
-<P>
-The sortlist statement takes an address match list and interprets it even
-more specially than the <A HREF="#topology">topology</A> statement does.
-</P>
-<P>
-Each top level statement in the sortlist must itself be an explicit
-address match list with one or two elements. The first element
-(which may be an IP address, an IP prefix, an ACL name or nested
-address match list) of each top level list is checked against the
-source address of the query until a match is found.
-</P>
-<P>
-Once the source address of the query has been matched, if the top level
-statement contains only one element, the actual primitive element that
-matched the source address is used to select the address in the response
-to move to the beginning of the response. If the statement is a list
-of two elements, the second element is treated like the address
-match list in a topology statement. Each top level element is assigned
-a distance and the address in the response with the minimum distance is
-moved to the beginning of the response.
-</P>
-<P>
-In the following example, any queries received from any of the addresses
-of the host itself will get responses preferring addresses on any of
-the locally connected networks. Next most preferred are addresses on
-the 192.168.1/24 network, and after that either the 192.168.2/24 or
-192.168.3/24 network with no preference shown between these two networks.
-Queries received from a host on the 192.168.1/24 network will prefer
-other addresses on that network to the 192.168.2/24 and 192.168.3/24
-networks. Queries received from a host on the 192.168.4/24 or the
-192.168.5/24 network will only prefer other addresses on their
-directly connected networks.
-<PRE>
-sortlist {
- { localhost; // IF the local host
- { localnets; // THEN first fit on the
- 192.168.1/24; // following nets
- { 192,168.2/24; 192.168.3/24; }; }; };
- { 192.168.1/24; // IF on class C 192.168.1
- { 192.168.1/24; // THEN use .1, or .2 or .3
- { 192.168.2/24; 192.168.3/24; }; }; };
- { 192.168.2/24; // IF on class C 192.168.2
- { 192.168.2/24; // THEN use .2, or .1 or .3
- { 192.168.1/24; 192.168.3/24; }; }; };
- { 192.168.3/24; // IF on class C 192.168.3
- { 192.168.3/24; // THEN use .3, or .1 or .2
- { 192.168.1/24; 192.168.2/24; }; }; };
- { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
- };
-};
-</PRE>
-The following example will give reasonable behaviour for the local host
-and hosts on directly connected networks. It is similar to the behavior
-of the address sort in BIND 4.9.x. Responses sent to queries from the
-local host will favor any of the directly connected networks. Responses
-sent to queries from any other hosts on a directly connected network will
-prefer addresses on that same network. Responses to other queries will
-not be sorted.
-<PRE>
-sortlist {
- { localhost; localnets; };
- { localnets; };
-};
-</PRE>
-<!--
- * XXX - it would be nice to have an ACL called "source" that matched the
- * source address of a query so that a host could be configured to
- * automatically prefer itself, and an ACL called "sourcenet", that
- * would return the primitive IP match element that matched the source
- * address so that you could do:
- * { localnets; { sourcenet; { other stuff ...}; };
- * and automatically get similar behaviour to what you get with:
- * { localnets; };
--->
-</P>
-
-<a name="RrsetOrder">
-<H4>RRset Ordering</H4>
-
-<P>When multiple records are returned in an answer it may be useful to
-configure the order the records are placed into the response. For example the
-records for a zone might be configured to always be returned in the order they
-are defined in the zone file. Or perhaps a <i>random</i> shuffle of the
-records as they are returned is wanted. The <var>rrset-order</var> statement
-permits configuration of the ordering made of the records in a multiple record
-response. The default, if no ordering is defined, is a cyclic ordering (round
-robin).
-
-<P>An <var>order_spec</var> is defined as follows:
-
-<PRE>
- [ <var>class</var> class_name ][ <var>type</var> type_name ][ <var>name</var> "FQDN" ] <var>order</var> ordering
-</PRE>
-
-<P>If no <var>class</var> is specified, the default is <code>ANY</code>. If no
-<var>type</var> is specified, the default is <code>ANY</code>. If no
-<var>name</var> is specified, the default is <code>"*"</code>.
-
-<P>The legal values for <code>ordering</code> are:
-
-<DL>
-<DT><code>fixed</code>
-<DD>Records are returned in the order they are defined in the zone file.
-
-<DT><code>random</code>
-<DD>Records are returned in some random order.
-
-<DT><code>cyclic</code>
-<DD>Records are returned in a round-robin order.
-
-</DL>
-
-
-<P>For example:
-
-<PRE>
- rrset-order {
- class IN type A name "rc.vix.com" order random;
- order cyclic;
- };
-</PRE>
-
-<P>will cause any responses for type <VAR>A</VAR> records in class
-<VAR>IN</VAR> that have "rc.vix.com" as a suffix, to always be returned in
-random order. All other records are returned in cyclic order.
-
-<P>If multiple <code>rrset-order</code> statements appear, they are not
-combined--the last one applies.
-
-<P>If no <code>rrset-order</code> statement is specified, a default one
-of:
-
-<pre>
- rrset-order { class ANY type ANY name "*" order cyclic ; };
-</pre>
-
-<P>is used.
-
-<H4>Glue Ordering</H4>
-
-When running a root nameserver it is sometimes necessary to ensure that
-other nameservers that are priming are successful. This requires
-that glue A records for at least of the nameservers are returned in
-the answer to a priming query. This can be achieved by setting
-<CODE>preferred-glue A;</CODE> which will add A records before other types
-in the additional section.
-
-<H4>EDNS</H4>
-
-Some firewalls fail to pass EDNS/UDP messages that are larger than
-certain size, 512 or the UDP reassembly buffer. To allow EDNS to
-work across such firewalls it is necessary to advertise a EDNS
-buffer size that is small enough to not trigger failures.
-<CODE>edns-udp-size</CODE> can be use to adjust the advertised size.
-Values less than 512 will be increased to 512 and values greater than
-4096 will be truncated to 4096.
-
-<H4>Tuning</H4>
-
-<DL>
-<DT><CODE>lame-ttl</CODE>
-<DD>
-Sets the number of seconds to cache a lame server indication.
-0 disables caching. Default is 600 (10 minutes). Maximum value is 1800 (30 minutes).
-<DT><CODE>max-ncache-ttl</CODE>
-<DD>
-To reduce network traffic and increase performance the server stores negative
-answers. <CODE>max-ncache-ttl</CODE> is used to set a maximum retention time
-for these answers in the server is seconds. The default <CODE>max-ncache-ttl</CODE> is
-10800 seconds (3 hours). <CODE>max-ncache-ttl</CODE> cannot exceed the
-maximum retention time for ordinary (positive) answers (7 days) and will be
-silently truncated to 7 days if set to a value which is greater that 7 days.
-<DT><CODE>min-roots</CODE>
-<DD>
-The minimum number of root servers that is required for a
-request for the root servers to be accepted. Default 2.
-</DL>
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: options.html,v 1.49.6.1 2003/06/02 09:56:33 marka Exp $
-</ADDRESS>
-</BODY>
-</HTML>
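Review bot: deleting all 864 lines removes the in-tree reference for the access-control defaults, and nothing visible here says where that information lives afterwards. The Access Control section is where `allow-query`, `allow-transfer` and `allow-recursion` are each documented as defaulting to all hosts when not specified, and the diffstat shown is limited to this one path. The commit description should say whether contrib/bind is being dropped or superseded and point to the replacement documentation. The page also links to docdef.html, zone.html, address_list.html and config.html; confirm that those siblings, and anything that links back to options.html, are removed in the same commit so no dangling references remain in the tree.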