Configuring and Managing BIND
5.3 Configuring the BIND Server (BIND 8.1)
When used with the topology clause, a non-negated match returns a distance based on its position in the list. (The closer the match is to the start of the list, the shorter the distance between the match and the server.) A negated match is assigned the maximum distance from the server. If there is no match, the address gets a distance that is further than any non-negated list element and closer than any negated element.
Because of the first-match aspect of the algorithm, an element that defines a subset of another element in the list should come before the broader element, regardless of whether either one is negated. For example, in

1.2.3/24; ! 1.2.3.13;

the 1.2.3.13 element is useless, because the algorithm matches any lookup for 1.2.3.13 to the 1.2.3/24 element first and never reaches the negation. Using

! 1.2.3.13; 1.2.3/24;

fixes that problem: 1.2.3.13 is blocked by the negation, while all the other 1.2.3.* hosts fall through to the 1.2.3/24 element and match it.
5.3.6 Dynamic Updates
BIND 8.1 includes support for dynamic updates as specified in RFC 2136 (excluding support for the security mechanism described by RFC 2137). Any update request received from a host on the server's allow-update list is honored. Dynamic updates allow the addition or deletion of resource records (RRs) and RR sets in a specified zone.
By default, BIND 8.1 servers reject all dynamic update requests. This is a security mechanism that gives the zone administrator the ability to decide which hosts can submit dynamic updates. You specify the hosts from which a server will process requests by using the allow-update substatement. The allow-update substatement is applicable to a zone. You cannot specify this substatement as part of an options statement.
The syntax of the allow-update substatement is as follows:

allow-update { address_match_list } ;

The following example shows the use of the allow-update substatement:
zone "FRED.PARROT.BIRD.COM" in {
    type master;
    file "FRED_PARROT_BIRD_COM.DB";
    allow-update {
        99.1.2.3;
        99.4.5.6;
    };
};
IP addresses, IP prefixes, ACLs, and IP address match lists are all valid elements for the allow-update substatement. The list is evaluated with the same first-match rule as any other address match list, so a negated element must precede any broader element that contains it. Note that the decision is based solely on the source address of the update request; a host that can send packets with a listed source address can therefore submit updates, and because RFC 2137 is not supported in BIND 8.1 there is no cryptographic alternative to address-based control in this release.
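The following Python script is an added example, not part of this manual or of BIND itself. It models the first-match rule that the topology clause (earlier in Section 5.3) and the allow-update substatement share: it parses an address match list, returns the topology distance for an address, and reports whether allow-update would honor an update from that address. The numeric encoding of the distances, the parser (bare IP addresses and prefixes only; named ACLs and the any/none keywords are not handled), and the sample addresses are the example's own assumptions, not BIND internals.

```python
"""Added example (not from the BIND manual): first-match evaluation of an
address_match_list, as used by both the topology clause and allow-update.
Only bare IP addresses and prefixes are parsed; named ACLs and the any/none
keywords are not handled.  Distance values are this example's own encoding."""
import ipaddress


def parse_element(text):
    """Parse one element such as '1.2.3.13', '1.2.3/24' or '! 1.2.3.13'.

    Returns (negated, network).  A BIND 8 prefix may omit trailing octets
    (1.2.3/24), so missing octets are padded with zeros before parsing."""
    text = text.strip()
    negated = text.startswith("!")
    if negated:
        text = text[1:].strip()
    if "/" in text:
        net, plen = text.split("/", 1)
        octets = net.split(".")
        octets += ["0"] * (4 - len(octets))
        network = ipaddress.ip_network(f"{'.'.join(octets)}/{plen}", strict=False)
    else:
        network = ipaddress.ip_network(f"{text}/32")
    return negated, network


def parse_list(text):
    """Parse 'elem; elem; ...' (the body of an address_match_list)."""
    return [parse_element(e) for e in text.split(";") if e.strip()]


def first_match(elements, addr):
    """Return (index, negated) for the first element addr falls in, else None.

    Matching stops at the first hit, which is why a subset must be listed
    before its superset for the subset entry to have any effect."""
    ip = ipaddress.ip_address(addr)
    for index, (negated, network) in enumerate(elements):
        if ip in network:
            return index, negated
    return None


def topology_distance(elements, addr):
    """Distance of addr under the topology rules (example encoding).

    Non-negated match: its list position (0 is closest).
    No match: one step further than any non-negated element.
    Negated match: the maximum distance, further than no-match."""
    n = len(elements)
    match = first_match(elements, addr)
    if match is None:
        return n
    index, negated = match
    return n + 1 if negated else index


def allow_update_permits(elements, addr):
    """True if an update from addr would be honored: first match, non-negated."""
    match = first_match(elements, addr)
    return match is not None and not match[1]


if __name__ == "__main__":
    # Constructed inputs: the two orderings discussed in the topology text.
    orderings = {
        "1.2.3/24; ! 1.2.3.13": parse_list("1.2.3/24; ! 1.2.3.13"),
        "! 1.2.3.13; 1.2.3/24": parse_list("! 1.2.3.13; 1.2.3/24"),
    }
    for label, elems in orderings.items():
        for host in ("1.2.3.13", "1.2.3.77", "10.0.0.1"):
            print(f"{label:22} {host:9} distance={topology_distance(elems, host)} "
                  f"update_ok={allow_update_permits(elems, host)}")
    # The allow-update list from the zone example in the manual.
    zone_acl = parse_list("99.1.2.3; 99.4.5.6;")
    print("99.1.2.3 ->", allow_update_permits(zone_acl, "99.1.2.3"))
    print("99.1.2.4 ->", allow_update_permits(zone_acl, "99.1.2.4"))
```

Running the script shows the point the topology text makes: with the negation listed after the /24, 1.2.3.13 gets distance 0 and would be allowed to update, because the broad element wins; with the negation first, 1.2.3.13 gets the maximum distance and is refused, while 1.2.3.77 still matches the /24.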
When dynamic updates are sent to and accepted by a name server, the name server does the following:

• Adds the updates to (or deletes the updates from) the in-memory copy of the zone's resource records.

• Saves the updates to a transaction log file. The default name for this file is domain_name.DB_LOG.