Internet Services Delta Manual for HP-UX 11i Version 1.6
(grant | deny ) identity nametype name [ types ]
Each rule grants or denies privileges. Once a message has successfully matched a rule, the
operation is immediately granted or denied and no further rules are examined.
The identity field specifies a name or a wildcard name. The nametype field has 4 values,
name, subdomain, wildcard, and self.
If the nametype field is not specified, the rule matches all types except SIG, NS, SOA, and
NXT Resource Records. Types may be specified by name, including "ANY" (ANY matches
all types except NXT, which can never be updated).
• max-transfer-time-out
This option is used to specify the time period for which Outbound zone transfers will run.
Default is 2 hrs.
• max-transfer-idle-out
This option is used to specify the time period for which Outbound zone transfers are idle.
Default is 60 mins.
• sig-validity-interval
This option is used to specify the expiry time of DNSSEC signature that is automatically
generated as a result of updates. Default is 30 days.
• match-clients
This option is used to specify the IP addresses of the namespace defined by each view
statement.
• zone
This option is used to specify the IP addresses of the namespace defined by each view
statement.
• View
This is an option that lets a nameserver answer a DNS query differently, depending on whether
it is an internal query or external query. This is used to setup split DNS. All the below options
of view are similar to those that are defined in "options" statement:
1. auth-nxdomain
2. notify
3. recursion
4. also-notify
5. forward
6. forwarders
7. allow-query
8. allow-transfer
9. allow-recursion
10. query-source
11. max-transfer-time-out
12. max-transfer-idle-out
13. max-cache-ttl
14. max-ncache-ttl
15. transfer-format
16. transfer-source
17. request-ixfr
18. provide-ixfr
36 BIND 9.2.0