The following is a list of lesser used statement types available within named.conf:

controls — Configures various security requirements necessary to use the rndc command to administer the named service.

key "<key-name>" — Defines a particular key by name. Keys are used to authenticate various actions, such as secure updates or the use of the rndc command. Two options are used with key:

    algorithm <algorithm-name> — The type of algorithm used, such as
    secret "<key-value>" — The encrypted key.
logging — Allows for the use of multiple types of logs, called channels. By using the channel option within the logging statement, a customized type of log, with its own file name (file), size limit (size), versioning (version), and level of importance (severity), can be constructed. Once a customized channel has been defined, a category option is used to categorize the channel and begin logging when named is restarted.

named logs standard messages to the syslog daemon, which places them in /var/log/messages. This occurs because several standard channels are built into BIND with various severity levels, such as one that handles informational logging messages (default_syslog) and another that specifically handles debugging messages (default_debug). A default category, called default, uses the built-in channels to do normal logging without any special configuration.

Customizing the logging process can be a very detailed process and is beyond the scope of this chapter. For information on creating custom BIND logs, refer to the BIND 9 Administrator Reference Manual referenced in Section 12.7.1, “Installed Documentation”.
server — Specifies options that affect how named should respond to remote nameservers, especially with regard to notifications and zone transfers.

The transfer-format option controls whether one resource record is sent with each message (one-answer) or multiple resource records are sent with each message (many-answers). While many-answers is more efficient, only newer BIND nameservers understand it.

trusted-keys — Contains assorted public keys used for secure DNS (DNSSEC). Refer to Section 12.5.3, “Security” for more information concerning BIND security.
view "<view-name>" — Creates special views depending upon which network the host querying the nameserver is on. This allows some hosts to receive one answer regarding a zone while other hosts receive totally different information. Alternatively, certain zones may only be made available to particular trusted hosts while non-trusted hosts can only make queries for other zones.
Multiple views may be used, but their names must be unique. The match-clients option specifies the IP addresses that apply to a particular view. Any options statements may also be used within a view, overriding the global options already configured for named. Most view statements contain multiple zone statements that apply to the match-clients list. The order in which view statements are listed is important, as the first view statement that matches a particular client's IP address is used.
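The ordering rule above is the usual way a split-horizon configuration goes wrong: a view whose match-clients is `any` placed before the internal view silently answers every client with the external data. The following Python script is an added example, not part of the guide or of BIND itself. It parses a constructed named.conf fragment (the acl and view names, addresses and zone file paths are made up for the example), then models how named picks a view: match-clients elements are tried in order and the first one that matches decides, an element prefixed with `!` is a negative match, and a nested acl name counts only when it matches positively. Running the same views in reversed order shows the shadowing effect.

```python
"""Model BIND view selection: the first view whose match-clients list matches
the client wins, so the order of view statements in named.conf matters.
Added example; the configuration below is constructed, not taken from the guide."""
import ipaddress

# Constructed named.conf fragment (sample data for this example only).
NAMED_CONF = '''
acl "internal-nets" { 10.0.0.0/8; 192.168.1.0/24; };

view "internal" {
    match-clients { !10.0.99.0/24; "internal-nets"; };
    recursion yes;
    zone "example.test" { type master; file "internal/example.test.db"; };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "example.test" { type master; file "external/example.test.db"; };
};
'''


def blocks(text):
    """Yield (header, body) for each `header { body };` at the top level of text.
    Nested braces are skipped; simple statements such as `recursion yes;` are not yielded."""
    i = 0
    while True:
        start = text.find('{', i)
        if start == -1:
            return
        depth, end = 0, start
        while end < len(text):
            if text[end] == '{':
                depth += 1
            elif text[end] == '}':
                depth -= 1
                if depth == 0:
                    break
            end += 1
        # The header is whatever follows the previous ';' up to the opening brace.
        header = text[i:start].split(';')[-1].strip()
        yield header, text[start + 1:end]
        i = end + 1


def elements(body):
    """Split an address match list body into its ';'-terminated elements."""
    return [e.strip() for e in body.split(';') if e.strip()]


def parse(text):
    """Return ({acl_name: [elements]}, [(view_name, match_clients_elements)]) in file order."""
    acls, views = {}, []
    for header, body in blocks(text):
        kind, _, name = header.partition(' ')
        name = name.strip().strip('"')
        if kind == 'acl':
            acls[name] = elements(body)
        elif kind == 'view':
            match_clients = ['any']  # a view without match-clients matches any client
            for sub_header, sub_body in blocks(body):
                if sub_header == 'match-clients':
                    match_clients = elements(sub_body)
            views.append((name, match_clients))
    return acls, views


def list_matches(acl_list, acls, addr):
    """Evaluate an address match list in order: the first element that matches
    decides, positively or (with a '!' prefix) negatively.
    Returns True, False, or None when no element matched at all."""
    for element in acl_list:
        negate = element.startswith('!')
        token = element.lstrip('!').strip().strip('"')
        if token == 'any':
            hit = True
        elif token == 'none':
            hit = False
        elif token in acls:
            # A nested acl counts only on a positive match; a negative result
            # inside it is treated as "no match" for this element.
            hit = list_matches(acls[token], acls, addr) is True
        else:
            hit = addr in ipaddress.ip_network(token, strict=False)
        if hit:
            return not negate
    return None


def select_view(views, acls, client):
    """Name of the first view whose match-clients matches client, else None."""
    addr = ipaddress.ip_address(client)
    for name, match_clients in views:
        if list_matches(match_clients, acls, addr) is True:
            return name
    return None


def demo():
    """Resolve sample clients against the views as written and in reversed order."""
    acls, views = parse(NAMED_CONF)
    clients = ('10.0.0.5', '192.168.1.10', '10.0.99.7', '203.0.113.9')
    as_written = {ip: select_view(views, acls, ip) for ip in clients}
    # With the catch-all `any` view first, it shadows the internal view entirely.
    reordered = {ip: select_view(list(reversed(views)), acls, ip) for ip in clients}
    return as_written, reordered


if __name__ == '__main__':
    for label, result in zip(('as written', 'reordered'), demo()):
        print(label, result)
```

The first dictionary sends 10.0.0.5 and 192.168.1.10 to the internal view, while 10.0.99.7 (excluded by the negated prefix) and 203.0.113.9 fall through to the external view; the second shows every client landing in the external view once that view is listed first. The parser deliberately handles only the acl and view statements this passage discusses; named-checkconf remains the tool for validating a real configuration.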