logging
logging {
[ channel channel_name {
( file path_name
[ versions ( number | unlimited ) ]
[ size size_spec ]
| syslog ( kern | user | mail | daemon | auth | syslog | lpr |
news | uucp | cron | authpriv | ftp |
local0 | local1 | local2 | local3 |
local4 | local5 | local6 | local7 )
| null );
[ severity ( critical | error | warning | notice |
info | debug [ level ] | dynamic ); ]
[ print-category yes_or_no; ]
[ print-severity yes_or_no; ]
[ print-time yes_or_no; ]
}; ]
[ category category_name {
channel_name; [ channel_name; ... ]
}; ]
...
};
logging channel category
1 logging logging logging logging 1 :
logging {
category default { default_syslog; default_debug; };
category panic { default_syslog; default_stderr; };
category packet { default_debug; };
category eventlib { default_debug; };
};
logging logging logging
1
syslog ( info ) named 3
null
file
size size named size
version named lamers.log 3 lamer.log lamers.log.1 lamers.log.2
channel an_example_level {
file "lamers.log" versions 3 size 20m;
print-time yes;
print-category yes;
};
syslog syslog(3) syslog syslogd syslog.conf(5) openlog()() 2 syslog
severity syslog syslog
syslog syslog.conf daemon debug syslog.conf daemon.warning info notice
named warning syslogd
0 -d named SIGUSR1 ( ndc trace ) 0 SIGUSR2 ( ndc notrace ) 3
channel specific_debug_level {
file "foo";
severity debug 3;
};
dynamic
print-time print-time syslog syslog print-category print-severity print-
: time, category, severity 3 print- :
28-Apr-1997 15:05:32.863 default: notice: Ready to answer queries.
named 4 category
channel default_syslog {
syslog daemon; # syslog daemon
severity info; # info
};
channel default_debug {
file "named.run"; # named.run
#
# : -f
# "named.run"
#
severity dynamic; #
};
channel default_stderr { #
file "<stderr>"; #
#
#
severity info; # info
};
channel null {
null; #
};
category
default default default :
category default { default_syslog; default_debug; };
:
channel my_security_channel {
file "my_security_file";
severity info;
};
category security { my_security_channel;
default_syslog; default_debug; };
null :
category lame-servers { null; };
category cname { null; };
:
default
default default :
category default { default_syslog; default_debug; };
config
parser
queries
lame-servers
``Lame server on ...''
statistics
panic
panic :
category panic { default_syslog; default_stderr; };
update
ncache
xfer-in
xfer-out
db
eventlib
1 eventlib :
category eventlib { default_debug; };
packet
1 packet :
category packet { default_debug; };
notify
NOTIFY
cname
``... points to a CNAME''
security
/
os
insist
maintenance
load
response-checks
``Malformed response ...'', ``wrong ans. name ...'', ``unrelated
additional info ...'', ``invalid RR type ...'', ``bad referral ...''
options
options {
[ version version_string; ]
[ directory path_name; ]
[ named-xfer path_name; ]
[ dump-file path_name; ]
[ memstatistics-file path_name; ]
[ pid-file path_name; ]
[ statistics-file path_name; ]
[ auth-nxdomain yes_or_no; ]
[ deallocate-on-exit yes_or_no; ]
[ dialup yes_or_no; ]
[ fake-iquery yes_or_no; ]
[ fetch-glue yes_or_no; ]
[ has-old-clients yes_or_no; ]
[ host-statistics yes_or_no; ]
[ host-statistics-max number; ]
[ multiple-cnames yes_or_no; ]
[ notify yes_or_no; ]
[ recursion yes_or_no; ]
[ rfc2308-type1 yes_or_no; ]
[ use-id-pool yes_or_no; ]
[ treat-cr-as-space yes_or_no; ]
[ also-notify yes_or_no; ]
[ forward ( only | first ); ]
[ forwarders { [ in_addr ; [ in_addr ; ... ] ] }; ]
[ check-names ( master | slave | response ) ( warn | fail | ignore); ]
[ allow-query { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ blackhole { address_match_list }; ]
[ listen-on [ port ip_port ] { address_match_list }; ]
[ query-source [ address ( ip_addr | * ) ]
[ port ( ip_port | * ) ] ; ]
[ lame-ttl number; ]
[ max-transfer-time-in number; ]
[ max-ncache-ttl number; ]
[ min-roots number; ]
[ serial-queries number; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfers-in number; ]
[ transfers-out number; ]
[ transfers-per-ns number; ]
[ transfer-source ip_addr; ]
[ maintain-ixfr-base yes_or_no; ]
[ max-ixfr-log-size number; ]
[ coresize size_spec ; ]
[ datasize size_spec ; ]
[ files size_spec ; ]
[ stacksize size_spec ; ]
[ cleaning-interval number; ]
[ heartbeat-interval number; ]
[ interface-interval number; ]
[ statistics-interval number; ]
[ topology { address_match_list }; ]
[ sortlist { address_match_list }; ]
[ rrset-order { order_spec ; [ order_spec ; ... ] }; ]
};
version
ndc chaos version.bind ( )
directory
( named.run) ~.
named-xfer
named-xfer ( /usr/sbin/named-xfer )
dump-file
SIGINT ( ndc dumpdb ) named_dump.db
memstatistics-file
deallocate-on-exit yes named.memstats
pid-file
ID /var/run/named.pid /etc/named.pid pid-file ndc
statistics-file
SIGILL ( ndc stats ) named.stats
auth-nxdomain
yes AA NXDOMAIN yes auth-nxdomain
deallocate-on-exit
yes memstatistics-file no deallocate-on-exit
dialup
yes heartbeat-interval 1 1 no dialup zone options dialup
master NOTIFY ( NOTIFY )
slave stub heartbeat-interval
fake-iquery
yes IQUERY DNS no
fetch-glue
yes () ( ) fetch-glue no recursion no
has-old-clients
yes 3 : auth-nxdomain yes ;, maintain-ixfr-base yes ;, rfc2308-type1
no; has-old-clients auth-nxdomain, maintain-ixfr-base, rfc2308-type1
host-statistics
yes no : host-statistics
0 0
maintain-ixfr-base
yes IXFR IXFR no
multiple-cnames
yes 1 CNAME no CNAME BIND CNAME CNAME
notify
yes () DNS NOTIFY NOTIFY NOTIFY notify zone options notify
recursion
yes DNS recursion yes fetch-glue
rfc2308-type1
yes SOA NS BIND SOA NS sendmail no sendmail no
use-id-pool
yes ID 128 KB no
treat-cr-as-space
yes CR NT DOS UNIX no
Also-Notify
also-notify
NOTIFY IP also-notify zone options also-notify zone notify no
also-notify IP NOTIFY ( notification )
forward
forwarders first only
forwarders
IP ()
forward only/first
RFC
3 :
ignore
warn
fail
3 : check-names response fail REFUSED
:
check-names master fail;
check-names slave warn;
check-names response ignore;
check-names zone options check-names zone ( )
IP
allow-query
allow-query zone options allow-query allow-query
allow-recursion
allow-transfer
allow-transfer zone options allow-transfer allow-transfer
blackhole
listen-on listen-on 53
listen-on
listen-on { 5.6.7.8; };
listen-on port 1234 { !1.2.3.4; 1.2/16; };
listen-on 53
query-source address * IP ( INADDR_ANY ) port *
query-source address * port *;
: query-source UDP TCP IP
max-transfer-time-in
( named-xfer ) 120 (2 )
transfer-format
2 one-answer 1 DNS many-answers 1 many-answers BIND 8.1 BIND 4.9.5
one-answer transfer-format server
transfers-in
10 transfers-in
transfers-out
transfers-per-ns
( named-xfer ) 2 transfers-per-ns transfers-per-ns server transfers
transfer-source
transfer-source TCP allow-transfer transfer-source transfer-source
cannot set resource limits on this system
1 1G 1073741824 unlimited default size_spec
coresize
default
datasize
default
files
unlimited unlimited unlimited getrlimit(RLIMIT_NOFILE) rlim_max
sysconf(_SC_OPEN_MAX) limit files
max-ixfr-log-size
max-ixfr-log-size
stacksize
default
cleaning-interval
cleaning-interval 60 0
heartbeat-interval
dialup yes 60 1 (1440 ) 0
interface-interval
interface-interval 60 0 (listener) ( listen-on )
statistics-interval
statistics-interval 60 0
1 topology
topology {
10/8;
!1.2.3/24;
{ 1.2/16; 3/8; };
};
10 1.2.0.0 ( 255.255.255.0) 3 1.2.3 ( 255.255.255.0)
topology { localhost; localnets; };
RR (: ) RR RR
RR
sortlist topology
1 2 (IP IP ACL )
1 2 2 topology
192.168.1/24 192.168.2/24 192.168.3/24 2 192.168.1/24 192.168.2/24
{ localhost; //
{ localnets; //
192.168.1/24; //
{ 192.168.2/24; 192.168.3/24; }; }; };
{ 192.168.1/24; // C 192.168.1
{ 192.168.1/24; // .1 .2 .3
{ 192.168.2/24; 192.168.3/24; }; }; };
{ 192.168.2/24; // C 192.168.2
{ 192.168.2/24; // .2 .1 .3
{ 192.168.1/24; 192.168.3/24; }; }; };
{ 192.168.3/24; // C 192.168.3
{ 192.168.3/24; // .3 .1 .2
{ 192.168.1/24; 192.168.2/24; }; }; };
{ { 192.168.4/24; 192.168.5/24; }; // .4 .5
}; //
};
BIND 4.9.x
{ localhost; localnets; };
{ localnets; };
};
RRset
rrset-order ()
order_spec :
[ class class_name ][ type type_name ][ name "FQDN" ] order ordering
ANY type ANY "*"
ordering :
fixed
random
cyclic
rrset-order {
class IN type A name "rc.vix.com" order random;
order cyclic;
};
"rc.vix.com" IN A
rrset-order
rrset-order
rrset-order { class ANY type ANY name "*" order cyclic ; };
lame-ttl
0 600 (10 ) 1800 (30 )
max-ncache-ttl
max-ncache-ttl max-ncache-ttl 10800 (3 ) max-ncache-ttl () (7 ) 7
7
min-roots
2
zone
zone domain_name [ ( in | hs | hesiod | chaos ) ] {
type master;
file path_name;
[ check-names ( warn | fail | ignore ); ]
[ allow-update { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
[ dialup yes_or_no; ]
[ notify yes_or_no; ]
[ also-notify { ip_addr; [ ip_addr; ... ] }; ]
[ pubkey number number number string; ]
};
zone domain_name [ ( in | hs | hesiod | chaos ) ] {
type ( slave | stub );
[ file path_name; ]
masters [ port ip_port ] { ip_addr; [ ip_addr; ... ] };
[ check-names ( warn | fail | ignore ); ]
[ allow-update { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
[ transfer-source ip_addr; ]
[ max-transfer-time-in number; ]
[ notify yes_or_no; ]
[ also-notify { ip_addr; [ ip_addr; ... ] }; ]
[ pubkey number number number string; ]
};
zone domain_name [ ( in | hs | hesiod | chaos ) ] {
type forward;
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
[ check-names ( warn | fail | ignore ); ]
};
zone "." [ ( in | hs | hesiod | chaos ) ] {
type hint;
file path_name;
[ check-names ( warn | fail | ignore ); ]
};
zone DNS 5
master
slave
slave masters 1 IP port file file
stub
stub slave NS
forward
forward option options
forwarders zone forwarders options forwarders forward forwarders
hint
hint
: BIND primary secondary hint cache
in ()
hesiod MIT Project Athena ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS hs hesiod
MIT 1 1970 LAN CHAOSnet LISP AI CHAOSnet chaos
check-names
options
allow-query
options allow-query
allow-update
DNS
allow-transfer
options allow-transfer
transfer-source
transfer-source TCP allow-transfer
max-transfer-time-in
options max-transfer-time-in
dialup
options dialup
notify
options notify
also-notify
notify also-notify DNS NOTIFY () also-notify IP also-notify stub
forward
forward forwarders only forwarders first
forwarders
forwarders forwarders forward
pubkey
DNSSEC base-64
acl
acl name {
address_match_list
};
acl (ACL)
acl
ACL :
any
none
localhost
IP
localnets
key
key key_id {
algorithm algorithm_id;
secret secret_string;
};
key ID ID server IP ID server key
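algorithm_id names the security/authentication algorithm. secret_string is the secret that algorithm uses, written as a base-64 string. When named.conf contains a secret_string, named.conf should be readable only by the superuser.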
trusted-keys
trusted-keys {
[ domain_name flags protocol algorithm key; ]
};
trusted-keys RFC 2065 DNSSEC DNSSEC 3 : DNSSEC RFC2065
http://www.ietf.org/ids.by.wg/dnssec.html
flags, protocol, algorithm key base-64
server
server ip_addr {
[ bogus yes_or_no; ]
[ transfers number; ]
[ transfer-format ( one-answer | many-answers ); ]
[ keys { key_id [ key_id ... ] }; ]
};
server
bogus bogus no bogus bogus
2 1 one-answer 1 DNS many-answers 1 many-answers BIND 8.1 BIND 4.9.5
transfer-format transfer-format options transfer-format
transfers
keys key key_id key server
keys
controls
controls {
[ inet ip_addr
port ip_port
allow { address_match_list; }; ]
[ unix path_name
perm number
owner number
group number; ]
};
controls ndc DNS
unix FIFO ( chmod(1) ) named chmod perm 0 8 owner group
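An inet control channel is a TCP/IP socket created on the given ip_addr and ip_port. telnet clients can talk to this socket directly, and the control protocol is ARPAnet-style text. 127.0.0.1 is the only recommended ip_addr, and only when every unprivileged user on the local host is trusted to manage the name server.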
include
include path_name;
include
acl internal_hosts { include internal_hosts.acl; };
include :
ACL BIND
type hint;
file "/var/named/root.cache";
};
/*
* BIND 8
*/
category lame-servers { null; };
category cname { null; };
};
directory "/var/named";
};
inet * port 52 allow { any; }; // a bad idea: any host can reach the ndc control channel
unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default
};
type master;
file "master/isc.org";
};
type slave;
file "slave/vix.com";
masters { 10.0.0.53; };
};
type master;
file "master/127.0.0";
};
type hint;
file "root.cache";
};
/etc/namedb/named.conf
BIND 8 named