BIND Configuration File Guide -- zone Statement
Syntax
zone domain_name [ ( in | hs | hesiod | chaos ) ] {
  type master;
  file path_name;
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ dialup yes_or_no; ]
  [ notify yes_or_no; ]
  [ also-notify { ip_addr; [ ip_addr; ... ] }; ]
  [ ixfr-base path_name; ]
  [ pubkey number number number string; ]
};

zone domain_name [ ( in | hs | hesiod | chaos ) ] {
  type ( slave | stub );
  [ file path_name; ]
  [ ixfr-base path_name; ]
  masters [ port ip_port ] { ip_addr; [ ip_addr; ... ] };
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ transfer-source ip_addr; ]
  [ dialup yes_or_no; ]
  [ max-transfer-time-in number; ]
  [ notify yes_or_no; ]
  [ also-notify { ip_addr; [ ip_addr; ... ] }; ]
  [ pubkey number number number string; ]
};

zone domain_name [ ( in | hs | hesiod | chaos ) ] {
  type forward;
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
};

zone "." [ ( in | hs | hesiod | chaos ) ] {
  type hint;
  file path_name;
  [ check-names ( warn | fail | ignore ); ]
};
Definition and Usage
Zone Types
master
- The server has a master copy of the data for the zone and will be able to provide authoritative answers for it.
slave
- A slave zone is a replica of a master zone. The masters list specifies one or more IP addresses that the slave contacts to update its copy of the zone. If a port is specified then checks to see if the zone is current and zone transfers will be done to the port given. If file is specified, the replica will be written to this file whenever the zone is changed, and reloaded from this file on a server restart. Use of file is recommended, since it often speeds server startup and eliminates a needless waste of bandwidth. Note that for large numbers (in the tens or hundreds of thousands) of zones per server, it is best to use a two level naming scheme for zone file names. For example, a slave server for the zone vix.com might place the zone contents into a file called "vi/vix.com" where vi/ is just the first two letters of the zone name. (Most operating systems behave very slowly if you put 100K files into a single directory.)
stub
- A stub zone is like a slave zone, except that it replicates only the NS records of a master zone instead of the entire zone.
forward
- A forward zone is used to direct all queries in it to other servers. The specification of options in such a zone will override any global options declared in the options statement.
  If either no forwarders statement is present in the zone or an empty list for forwarders is given, no forwarding will be done for the zone, cancelling the effects of any forwarders in the options statement. Thus if you want to use this type of zone to change the behavior of the global forward option, and not the servers used, you also need to respecify the global forwarders.
hint
- The initial set of root nameservers is specified using a hint zone. When the server starts up, it uses the root hints to find a root nameserver and get the most recent list of root nameservers.
Note: previous releases of BIND used the term primary for a master zone, secondary for a slave zone, and cache for a hint zone.
Class
The zone's name may optionally be followed by a class. If a class is not specified, class in (for "internet"), is assumed. This is correct for the vast majority of cases.
The hesiod class is for an information service from MIT's Project Athena. It is used to share information about various systems databases, such as users, groups, printers and so on. More information can be found at MIT. The keyword hs is a synonym for hesiod.
Another MIT development was CHAOSnet, a LAN protocol created in the mid-1970s. It is still sometimes seen on LISP stations and other hardware in the AI community, and zone data for it can be specified with the chaos class.
Options
check-names
- See Name Checking.
allow-query
- See the description of allow-query in the Access Control section. Note that this should in general be more restrictive than the similar global option of the same name; otherwise, confusing and nonworthwhile delegations will be returned.
allow-update
- Specifies which hosts are allowed to submit Dynamic DNS updates to the server. The default is to deny updates from all hosts.
allow-transfer
- See the description of allow-transfer in the Access Control section.
transfer-source
- transfer-source determines which local address will be bound to the TCP connection used to fetch this zone. If not set, it defaults to a system controlled value which will usually be the address of the interface "closest to" the remote end. This address must appear in the remote end's allow-transfer option for this zone if one is specified.
ixfr-base
- ixfr-base specifies the file name used for the IXFR transaction log file.
max-transfer-time-in
- See the description of max-transfer-time-in in the Zone Transfers section.
dialup
- See the description of dialup in the Boolean Options section.
notify
- See the description of notify in the Boolean Options section.
also-notify
- also-notify is only meaningful if notify is active for this zone. The set of machines that will receive a DNS NOTIFY message for this zone is made up of all the listed nameservers for the zone (other than the primary master) plus any IP addresses specified with also-notify. also-notify is not meaningful for stub zones. The default is the empty list.
forward
- forward is only meaningful if the zone has a forwarders list. The only value causes the lookup to fail after trying the forwarders and getting no answer, while first would allow a normal lookup to be tried.
forwarders
- The forwarders option in a zone is used to override the list of global forwarders. If it is not specified in a zone of type forward, no forwarding is done for the zone; the global options are not used.
pubkey
- A pubkey represents a public key for this zone. It is needed when this is the top level authoritative zone served by this server and there is no chain of trust to a trusted key. It is considered secure, so that data that it signs will be considered secure. The DNSSEC flags, protocol, and algorithm are specified, as well as a base-64 encoded string representing the key.
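
The per-zone access-control options above lend themselves to a mechanical review. The following Python code is an added example, not part of the BIND documentation: it scans a constructed named.conf fragment for master and slave zones that set no allow-transfer of their own (and so depend on whatever applies outside the zone statement) or whose allow-update admits any host. Zone names, file paths and addresses are placeholders, and comments and include files in the configuration are not handled.

```python
import re

# Constructed named.conf fragment in the zone syntax documented above.
# Zone names, file paths and addresses are placeholders, not real hosts.
SAMPLE_CONF = '''
zone "example.com" in {
    type master;
    file "ex/example.com";
    allow-update { any; };
};
zone "example.net" {
    type slave;
    file "ex/example.net";
    masters { 192.0.2.1; };
    transfer-source 198.51.100.7;
    allow-transfer { none; };
};
zone "." { type hint; file "root.hints"; };
'''

ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"[^{]*\{', re.M)

def zone_bodies(conf):
    """Yield (name, body) per zone statement, balancing nested braces."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return {zone: [findings]} for master and slave zones."""
    report = {}
    for name, body in zone_bodies(conf):
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        if not ztype or ztype.group(1) not in ("master", "slave"):
            continue  # stub, forward and hint zones are skipped here
        findings = []
        if not re.search(r'\ballow-transfer\s*\{', body):
            findings.append("no zone-level allow-transfer")
        upd = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        if upd and re.search(r'\bany\b', upd.group(1)):
            findings.append("allow-update accepts any host")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

On the sample, only the master zone is reported; the slave zone passes because it carries its own allow-transfer list and leaves allow-update at its deny-all default.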
Last Updated: $Id: zone.html,v 1.23 1999/09/30 17:58:41 cyarnell Exp $