bind9 named.conf 詳解
acl:定義IP地址表的名字,用于訪問控制等
語(yǔ)法:
acl acl-name {
address_match_list;
}
controls:宣告一個(gè)用于rndc工具控制通道
語(yǔ)法:
controls {
[ inet ( ip_addr | * ) [ port ip_port ] allow { address_match_list }
keys { key_list }; ]
[ inet ...; ]
[ unix path perm number owner number group number keys { key_list }; ]
[ unix ...; ]
};
include:包含一個(gè)文件
語(yǔ)法:
include filename;
key:定義key信息用于驗(yàn)證和TSIG驗(yàn)證
語(yǔ)法:
key key_id {
algorithm string;
secret string;
};
logging:定義bing服務(wù)的日志, channel -> categroy.
語(yǔ)法:
logging {
[ channel channel_name {
( file path name
[ versions ( number | unlimited ) ]
[ size size spec ]
| syslog syslog_facility
| stderr
| null );
[ severity (critical | error | warning | notice |
info | debug [ level ] | dynamic ); ]
[ print-category yes or no; ]
[ print-severity yes or no; ]
[ print-time yes or no; ]
}; ]
[ category category_name {
channel_name ; [ channel_name ; ... ]
}; ]
...
};
category 參數(shù):
default: 默認(rèn)分類,沒有分類的日志都使用這個(gè)分類的配置.
general: 沒有分類的日志都記錄在此分類中.
database: 服務(wù)器內(nèi)部使用存儲(chǔ)zone和緩存數(shù)據(jù).
security: 允許/拒絕的請(qǐng)求.
config: 配置文件分析和處理.
resolver: DNS解析,被dns緩存服務(wù)器進(jìn)行遞歸查詢.
xfer-in: 接收區(qū)域傳輸.
xfer-out: 發(fā)送區(qū)域傳輸.
notify: NOTIFY協(xié)議.
client: 客戶端請(qǐng)求進(jìn)程.
unmatched: 未匹配的查詢?
network: 網(wǎng)絡(luò)操作.
update: 動(dòng)態(tài)更新.
update-security: 允許/拒絕更新請(qǐng)求.
queries: 客戶端隊(duì)列日志.
dispatch: 數(shù)據(jù)包傳送日志.
dnssec: DNSSEC和TSIG協(xié)議處理.
lame-servers: 遠(yuǎn)端的配置錯(cuò)誤的服務(wù)器發(fā)送的請(qǐng)求.
delegation-only: NXDOMAIN的結(jié)果將被強(qiáng)制定義到delegation-only區(qū)域
lwres:定義named為一個(gè)輕量級(jí)的解析進(jìn)程
語(yǔ)法:
lwres {
[ listen-on { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
[ view view_name; ]
[ search { domain_name ; [ domain_name ; ... ] }; ]
[ ndots number; ]
};
masters:定義主域服務(wù)器列表
語(yǔ)法:
masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] };
options:設(shè)定全局配置選項(xiàng)和默認(rèn)值
語(yǔ)法:
options {
[ version version_string; ]
[ hostname hostname_string; ]
[ server-id server_id_string; ]
[ directory path_name; ]
[ key-directory path_name; ]
[ named-xfer path_name; ]
[ tkey-domain domainname; ]
[ tkey-dhkey key_name key_tag; ]
[ cache-file path_name; ]
[ dump-file path_name; ]
[ memstatistics-file path_name; ]
[ pid-file path_name; ]
[ statistics-file path_name; ]
[ zone-statistics yes_or_no; ]
[ auth-nxdomain yes_or_no; ]
[ deallocate-on-exit yes_or_no; ]
[ dialup dialup_option; ]
[ fake-iquery yes_or_no; ]
[ fetch-glue yes_or_no; ]
[ flush-zones-on-shutdown yes_or_no; ]
[ has-old-clients yes_or_no; ]
[ host-statistics yes_or_no; ]
[ host-statistics-max number; ]
[ minimal-responses yes_or_no; ]
[ multiple-cnames yes_or_no; ]
[ notify yes_or_no | explicit | master-only; ]
[ recursion yes_or_no; ]
[ rfc2308-type1 yes_or_no; ]
[ use-id-pool yes_or_no; ]
[ maintain-ixfr-base yes_or_no; ]
[ dnssec-enable yes_or_no; ]
[ dnssec-validation yes_or_no; ]
[ dnssec-lookaside domain trust-anchor domain; ]
[ dnssec-must-be-secure domain yes_or_no; ]
[ dnssec-accept-expired yes_or_no; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
[ dual-stack-servers [port ip_port] {
( domain_name [port ip_port] |
ip_addr [port ip_port] ) ;
... }; ]
[ check-names ( master | slave | response )
( warn | fail | ignore ); ]
[ check-mx ( warn | fail | ignore ); ]
[ check-wildcard yes_or_no; ]
[ check-integrity yes_or_no; ]
[ check-mx-cname ( warn | fail | ignore ); ]
[ check-srv-cname ( warn | fail | ignore ); ]
[ check-sibling yes_or_no; ]
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-query-cache { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ update-check-ksk yes_or_no; ]
[ allow-v6-synthesis { address_match_list }; ]
[ blackhole { address_match_list }; ]
[ avoid-v4-udp-ports { port_list }; ]
[ avoid-v6-udp-ports { port_list }; ]
[ listen-on [ port ip_port ] { address_match_list }; ]
[ listen-on-v6 [ port ip_port ] { address_match_list }; ]
[ query-source ( ( ip4_addr | * )
[ port ( ip_port | * ) ] |
[ address ( ip4_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ query-source-v6 ( ( ip6_addr | * )
[ port ( ip_port | * ) ] |
[ address ( ip6_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ max-transfer-time-in number; ]
[ max-transfer-time-out number; ]
[ max-transfer-idle-in number; ]
[ max-transfer-idle-out number; ]
[ tcp-clients number; ]
[ recursive-clients number; ]
[ serial-query-rate number; ]
[ serial-queries number; ]
[ tcp-listen-queue number; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfers-in number; ]
[ transfers-out number; ]
[ transfers-per-ns number; ]
[ transfer-source (ip4_addr | *) [port ip_port] ; ]
[ transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ alt-transfer-source (ip4_addr | *) [port ip_port] ; ]
[ alt-transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ use-alt-transfer-source yes_or_no; ]
[ notify-source (ip4_addr | *) [port ip_port] ; ]
最后編輯于 :
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。
