-
directory directory-path
-
Defines a default directory used for all subsequent file references anywhere in the named configuration. If named is forced to dump memory, the memory dump is stored in this directory.
-
primary domain-name file-name
-
Declares the local name server as the primary master server for the domain specified by domain-name. As a primary server, the system loads the name server database from the local disk file specified by name in the file-name field.
-
secondary domain-name server-address-list file-name
-
Makes the local server a secondary master server for the domain identified by domain-name. The server-address-list contains the IP address of at least one other master server for this domain. Multiple addresses can be provided in the list, but at least the primary server's address should be provided. The local server will try each server in the list until it successfully loads the name server database. The local server transfers the entire domain database and stores all of the data it receives in a local file identified by file-name. After completing the transfer, the local server answers all queries for information about the domain with complete authority.
-
cache . file-name
-
The cache command points to the file used to initialize the name server cache with a list of root servers. This command starts with the keyword cache, followed by the name of the root domain (.), and ends with the name of the file that contains the root server list. This file can have any name you wish, but it is usually called named.ca, named.root, or root.cache. The cache command is included in every named.boot file. named needs the list of root servers as a starting point from which to locate all other DNS domains.
-
forwarders server-address server-address ...
-
The forwarders command provides named with a list of servers to try if it can't resolve a query from its own cache. In the syntax shown, server-address is the IP address of a server on your network that can perform a recursive name server query for the local host. (A recursive query [2] means that the remote server pursues the answer to the query, even if it does not have the answer itself, and returns the answer to the originator.) The servers listed on the forwarders command line (the servers are also called "forwarders") are tried in order until one responds to the query. The listed servers develop an extensive cache that benefits every host that uses them. Because of this, their use is often recommended. If you plan to use forwarders, your network administrator should define the list of forwarders for your network. The forwarders only develop a rich cache if they are used by several hosts.
-
slave
-
The slave command forces the local server to use only the servers listed on the forwarders command line. The slave command can only be used if a forwarders command is also present in the named.boot file. A server that has a slave command in its named.boot file is called a slave server. A slave server does not attempt to contact the authoritative servers for a domain, even if the forwarding servers do not respond to its query. Regardless of the circumstances, a slave server queries only the forwarders. The slave command is used when limited network access makes the forwarders the only servers that can be reached by the local host. The slave command is not used on systems that have full Internet access because it limits their flexibility.
-
sortlist network network ...
-
The sortlist command causes named to prefer addresses from the listed networks over addresses from other networks. Normally, DNS sorts the addresses in a response only if the host issuing the query and the name server share a network. In that case, the shared network is the preferred network.
-
xfrnets address[&mask] ...
-
The xfrnets command limits zone transfers to hosts with the specified address. The address is written in dotted decimal notation and is interpreted as a network address. The optional mask field is used to change the interpretation of the address. When a bit is on in the mask field, that bit is significant for determining which hosts will be allowed to receive a zone file transfer. For example, xfrnets 172.16.0.0 allows every host on network 172.16 to do zone file transfers, while xfrnets 172.16.12.3&255.255.255.255 limits zone file transfers to the single host 172.16.12.3.

For security reasons, many sites do not want to let everyone list all of the hostnames in their domain. xfrnets limits the ability to retrieve your entire domain to specific, trusted hosts. tcplist is an alternative form of this command maintained for compatibility with older server implementations.
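The address and mask matching described for xfrnets, worked through as an added example (not code from BIND or from the original page). The function names are hypothetical, and it assumes that an address given without a mask takes its natural classful mask, which is what makes 172.16.0.0 cover all of network 172.16.

```python
import ipaddress


def classful_mask(addr: int) -> int:
    """Natural mask of an address; assumed default when no &mask is given."""
    first_octet = addr >> 24
    if first_octet < 128:      # class A
        return 0xFF000000
    if first_octet < 192:      # class B, e.g. 172.16.0.0
        return 0xFFFF0000
    return 0xFFFFFF00          # class C and above


def parse_xfrnets(line: str):
    """Parse 'xfrnets address[&mask] ...' into (network, mask) integer pairs."""
    fields = line.split()
    if not fields or fields[0] not in ("xfrnets", "tcplist"):
        raise ValueError("not an xfrnets/tcplist line")
    rules = []
    for item in fields[1:]:
        addr_text, _, mask_text = item.partition("&")
        addr = int(ipaddress.IPv4Address(addr_text))
        if mask_text:
            mask = int(ipaddress.IPv4Address(mask_text))
        else:
            mask = classful_mask(addr)
        # Only bits that are on in the mask are significant.
        rules.append((addr & mask, mask))
    return rules


def transfer_allowed(rules, client: str) -> bool:
    """True if the client address matches any xfrnets entry."""
    host = int(ipaddress.IPv4Address(client))
    return any((host & mask) == net for net, mask in rules)


if __name__ == "__main__":
    whole_net = parse_xfrnets("xfrnets 172.16.0.0")
    one_host = parse_xfrnets("xfrnets 172.16.12.3&255.255.255.255")
    for client in ("172.16.12.3", "172.16.12.4", "172.17.0.1"):
        print(client, transfer_allowed(whole_net, client),
              transfer_allowed(one_host, client))
```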
-
include file
-
The include command includes the contents of file at the location that the command appears in the boot file. This command can be used for very large configurations that are maintained by different people.
-
bogusns address address ...
-
The bogusns command prevents queries from being sent to the name server specified by address. address must be an IP address, not a domain name. This command is used to avoid cache contamination when you know that a remote name server is providing incorrect information. bogusns is only a temporary fix placed in the boot file until the remote domain administrator has a chance to fix the real problem.
-
limit name value
-
The limit command changes BIND's internal quotas. value is a number that specifies the new quota setting. k, m, or g, for kilobytes, megabytes, and gigabytes, respectively, can be appended to the new quota value number as appropriate. name is the name of the quota being set. There are four possible values for name: datasize sets the process data size quota; [3] transfers-in sets the number of named transfer subprocesses that BIND may spawn at any one time; transfers-per-ns sets the maximum number of simultaneous zone transfers allowed to any one remote nameserver. There can be multiple limit commands in a boot file - one for each quota that is being set.
-
options option option ...
-
The options command enables optional features of BIND. The option keywords are Booleans. Specifying an option on the command line turns on the optional behavior. By default, the optional features are turned off. Valid option values are:
query-log - logs all queries via syslogd, which produces a very large amount of log data.
forward-only - all queries are to be sent to the forwarders; this is exactly the same as the slave command, though this syntax is now preferred over the slave syntax.
fake-iquery - the nameserver responds to inverse queries with a fake reply rather than an error; used if you have some clients that cannot properly handle the error.
no-recursion - the name server answers a query for data only in a zone for which it is authoritative; all other queries are answered with a referral to another server.
no-fetch-glue - the nameserver does not fetch missing glue records for a query response; the resulting response could be incomplete; it is used with no-recursion to limit cache growth and reduce the chance of cache corruption.
-
check-names source action
-
The check-names command tells the name server to check host names against the standards for hostnames defined in RFC 952, and to check non-hostname responses to make sure that they contain nothing but printable characters. The source is the source of the hostname or string data that is being checked. The source can be primary for the primary zone file; secondary for the secondary zone file, or response for the message received during recursive search. The action tells the name server what to do when an error is detected: fail (reject the data; do not load, cache, or forward it); warn (send an error message to the system log); or ignore (process the data as if no error occurred). Multiple check-names commands can appear in a boot file; one for each source of data. The action for each source can be different.
-
max-fetch value
-
The max-fetch command performs exactly the same function as the limit transfers-in command described previously. The limit command is now the preferred syntax.
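A small boot file review script that applies the rules stated in the cache, slave, xfrnets, options, check-names and max-fetch entries above. It is an added example, not part of BIND or of the original page; the function names and the sample file are constructed, and treating ';' as a comment character is an assumption.

```python
# Constructed sample boot file (not from the page); ';' comments are an assumption.
SAMPLE = """\
directory /var/named
primary example.com example.com.hosts
secondary example.net 192.0.2.1 example.net.bak
forwarders 192.0.2.53   ; site forwarder
slave
options query-log
check-names response ignore
"""


def parse_boot(text):
    """Return (command, args) tuples for each non-empty boot file line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line:
            cmd, *args = line.split()
            entries.append((cmd.lower(), args))
    return entries


def audit_boot(text):
    """Return findings based only on the command semantics described above."""
    entries = parse_boot(text)
    cmds = {c for c, _ in entries}
    opts = {o for c, a in entries if c == "options" for o in a}
    findings = []
    if "cache" not in cmds:
        findings.append("cache: missing, named has no root server list")
    if ("slave" in cmds or "forward-only" in opts) and "forwarders" not in cmds:
        findings.append("forwarders: required by slave/forward-only but missing")
    if cmds & {"primary", "secondary"} and not cmds & {"xfrnets", "tcplist"}:
        findings.append("xfrnets: missing, zone transfers are not limited")
    if "query-log" in opts:
        findings.append("query-log: on, expect a very large syslog volume")
    if "slave" in cmds:
        findings.append("slave: superseded by options forward-only")
    if "max-fetch" in cmds:
        findings.append("max-fetch: superseded by limit transfers-in")
    for c, a in entries:
        if c == "check-names" and len(a) == 2 and a[1] == "ignore":
            findings.append(f"check-names: {a[0]} data is accepted unchecked")
    return findings


if __name__ == "__main__":
    for finding in audit_boot(SAMPLE):
        print(finding)
```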