The following is a list of lesser used statement types available within
Configures various security requirements necessary to use the
rndc command to administer the
Defines a particular key by name. Keys are used to authenticate various actions, such as secure updates or the use of the
rndc command. Two options are used with
algorithm <algorithm-name> — The type of algorithm used, such as
secret "<key-value>" — The encrypted key.
Allows for the use of multiple types of logs, called channels. By using the
channel option within the
logging statement, a customized type of log can be constructed — with its own file name (
file), size limit (
size), versioning (
version), and level of importance (
severity). Once a customized channel is defined, a
category option is used to categorize the channel and begin logging when
named is restarted.
named logs standard messages to the
syslog daemon, which places them in
/var/log/messages. This occurs because several standard channels are built into BIND with various severity levels, such as
default_syslog (which handles informational logging messages) and
default_debug (which specifically handles debugging messages). A default category, called
default, uses the built-in channels to do normal logging without any special configuration.
Customizing the logging process can be a very detailed process and is beyond the scope of this chapter. For information on creating custom BIND logs, refer to the BIND 9 Administrator Reference Manual
referenced in Section 19.7.1, “Installed Documentation”
Specifies options that affect how
named should respond to remote nameservers, especially with regard to notifications and zone transfers.
transfer-format option controls whether one resource record is sent with each message (
one-answer) or multiple resource records are sent with each message (
many-answers is more efficient, only newer BIND nameservers understand it.
Contains assorted public keys used for secure DNS (DNSSEC). Refer to Section 19.5.3, “Security”
for more information concerning BIND security.
Creates special views depending upon which network the host querying the nameserver is on. This allows some hosts to receive one answer regarding a zone while other hosts receive totally different information. Alternatively, certain zones may only be made available to particular trusted hosts while non-trusted hosts can only make queries for other zones.
Multiple views may be used, but their names must be unique. The
match-clients option specifies the IP addresses that apply to a particular view. Any
options statement may also be used within a view, overriding the global options already configured for
view statements contain multiple
zone statements that apply to the
match-clients list. The order in which
view statements are listed is important, as the first
view statement that matches a particular client's IP address is used.