Bind 9 Administrator Reference Manual
Chapter 6. BIND 9 Configuration Reference
zone-statistics
If yes, the server will keep statistical information for this zone, which can be dumped to the
statistics-file defined in the server options.
sig-validity-interval
See the description of sig-validity-interval in Section 6.2.14.14.
transfer-source
See the description of transfer-source in Section 6.2.14.6
transfer-source-v6
See the description of transfer-source-v6 in Section 6.2.14.6
notify-source
See the description of notify-source in Section 6.2.14.6
notify-source-v6
See the description of notify-source-v6 in Section 6.2.14.6.
min-refresh-time
max-refresh-time
min-retry-time
max-retry-time
See the description in Section 6.2.14.14.
6.2.22.4. Dynamic Update Policies
BIND 9 supports two alternative methods of granting clients the right to perform dynamic updates to a
zone, configured by the allow-update and update-policy option, respectively.
The allow-update clause works the same way as in previous versions of BIND. It grants given clients the
permission to update any record of any name in the zone.
The update-policy clause is new in BIND 9 and allows more fine-grained control over what updates are
allowed. A set of rules is specified, where each rule either grants or denies permissions for one or more
names to be updated by one or more identities. If the dynamic update request message is signed (that is,
it includes either a TSIG or SIG(0) record), the identity of the signer can be determined.
Rules are specified in the update-policy zone option, and are only meaningful for master zones. When
the update-policy statement is present, it is a configuration error for the allow-update statement to be
88