Technical data

Configuring and Managing BIND
5.3 Configuring the BIND Server (BIND 8.1)
5.3.4 BIND Configuration Zone Statement
The zone statement defines zones maintained by the name server. The statement
has the following syntax:
    zone domain_name [ ( in | hs | hesiod | chaos ) ] {
        type master;
        file path_name;
        [ check-names ( warn | fail | ignore ); ]
        [ allow-update { address_match_list }; ]
        [ allow-query { address_match_list }; ]
        [ allow-transfer { address_match_list }; ]
        [ notify yes_or_no; ]
        [ forward ( only | first ); ]
        [ also-notify { ip_addr; [ ip_addr; ... ] }; ]
    };

    zone domain_name [ ( in | hs | hesiod | chaos ) ] {
        type ( slave | stub );
        [ file path_name; ]
        masters [ port ip_port ] { ip_addr; [ ip_addr; ... ] };
        [ check-names ( warn | fail | ignore ); ]
        [ allow-update { address_match_list }; ]
        [ allow-query { address_match_list }; ]
        [ allow-transfer { address_match_list }; ]
        [ max-transfer-time-in number; ]
        [ notify yes_or_no; ]
        [ also-notify { ip_addr; [ ip_addr; ... ] }; ]
    };

    zone "." [ ( in | hs | hesiod | chaos ) ] {
        type hint;
        file path_name;
        [ check-names ( warn | fail | ignore ); ]
    };
5.3.5 Address Match Lists and ACLs
BIND 8.1 uses address match lists for access control. An address match list is a
list of elements, each of which can be one of the following:

  - An IP address (in dotted-decimal notation)
  - An IP prefix (in the /-notation)
  - The name of an address match list previously defined with the acl statement
  - A nested address match list

The ACLs any, none, localhost, and localnets are predefined. An element can be
negated with a leading ! character.
When a given IP address or prefix is compared to an address match list, the list
is traversed in order, and the first match (regardless of negation) is used. The
interpretation of a match depends on whether the list is being used for access
control or as a topology.
When used as an access control list, a non-negated match allows access, and a
negated match denies access. If there is no match, access is denied. The
allow-query, allow-transfer, and allow-update clauses all use address match lists
in this way. Similarly, the listen-on clause can use negation to define local
addresses that should not be used to accept name server connections.
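The access-control evaluation just described (first match wins regardless of negation, no match denies), as an added Python example that is not BIND's own code. The ACL names and addresses below are constructed, and the rule that a negated match inside a named list counts as no match is this example's assumption.

```python
"""Evaluate a BIND 8 address match list the way allow-query, allow-transfer
and allow-update do. Example code for this section, not BIND's implementation."""
import ipaddress

# Constructed stand-ins for the predefined ACLs plus one user-defined "acl".
ACLS = {
    "any": ["0.0.0.0/0"],
    "none": [],
    "localhost": ["127.0.0.1", "192.0.2.10"],      # this host's addresses
    "localnets": ["127.0.0.0/8", "192.0.2.0/24"],  # this host's networks
    "secondaries": ["192.0.2.53", "198.51.100.53"],  # constructed acl statement
}

def match(elements, addr, acls=ACLS):
    """Walk the list in order and return the verdict of the FIRST element that
    matches addr: True (non-negated match), False (negated match) or None."""
    ip = ipaddress.ip_address(addr)
    for element in elements:
        negated = element.startswith("!")
        body = element.lstrip("!").strip()
        if body in acls:
            # Named list: matches only if its own result is a positive match
            # (a negated inner match is treated as no match; assumption here).
            hit = match(acls[body], addr, acls) is True
        else:
            # Single address or prefix; strict=False accepts host bits set.
            hit = ip in ipaddress.ip_network(body, strict=False)
        if hit:
            return not negated  # first match decides, even when it is negated
    return None

def allowed(elements, addr, acls=ACLS):
    """Access-control interpretation: anything but a positive match denies."""
    return match(elements, addr, acls) is True

if __name__ == "__main__":
    # Ordering pitfall: the /24 matches first, so the exclusion never applies.
    wrong = ["192.0.2.0/24", "!192.0.2.99"]
    right = ["!192.0.2.99", "192.0.2.0/24"]
    print("wrong order:", allowed(wrong, "192.0.2.99"))   # True
    print("right order:", allowed(right, "192.0.2.99"))   # False
    print("no match:", allowed(["secondaries"], "203.0.113.7"))  # False
    print("negated acl:", allowed(["!localnets", "any"], "192.0.2.10"))  # False
```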
Configuring and Managing BIND 5–19