port
The UDP/TCP port number the server uses for receiving and sending DNS protocol traffic. +The default is 53. This option is mainly intended for server testing; +a server using a port other than 53 will not be able to communicate with +the global DNS. +The port option should be placed at +the beginning of the options block, before +any other options that take port numbers or IP addresses, +to ensure that the port value takes effect for all addresses +used by the server.
+(Information present outside of the authoritative -nodes in the zone is called glue information). -If This option is obsolete. +In BIND 8, yesfetch-glue yes (the default), the server will fetch -glue resource records it doesn't have when constructing the additional -data section of a response. fetch-glue no can -be used in conjunction with recursion no to -prevent the server's cache from growing or becoming corrupted (at -the cost of requiring more work from the client).
Note: Not yet -implemented in BIND 9.
If yes, then statistics -are kept for every host that the nameserver interacts with. The -default is no.
Note: turning on host-statistics can consume -huge amounts of memory.
Note: Not yet implemented in BIND 9.
serial-queries option sets the maximum number +> option set the maximum number of concurrent serial-number queries allowed to be outstanding at -any given time. The default is 4.
Note: If a server loads a large (tens or - hundreds of thousands) number of slave zones, then - this limit should be raised to the high hundreds - or low thousands, otherwise the slave server may - never actually become aware of zone changes in the - master servers. Beware, though, that setting this - limit arbitrarily high can spend a considerable - amount of your slave server's network, CPU, and - memory resources. As with all tunable limits, this - one should be changed gently and monitored for its - effects.
Note: Not yet implemented in BIND 9.
The max-ixfr-log-size will -be used in a future release of the server to limit the size of the -transaction log kept for Incremental Zone Transfer.
Note: Not -yet implemented in BIND 9.
Note: Not yet implemented in BIND 9.
Access to the dynamic update facility should be strictly limited. -In earlier versions of Access to the dynamic +update facility should be strictly limited. In earlier versions of +BIND the only way to do this was based on -the IP address of the host requesting the update. BIND9 also -supports authenticating updates cryptographically by means of transaction -signatures (TSIG). The use of TSIG is strongly recommended.
the only way to do this was based on the IP +address of the host requesting the update, by listing an IP address or +network prefix in the allow-update zone option. +This method is insecure since the source address of the update UDP packet +is easily forged. Also note that if the IP addresses allowed by the +allow-update option include the address of a slave +server which performs forwarding of dynamic updates, the master can be +trivially attacked by sending the update to the slave, which will +forward it to the master with its own source IP address causing the +master to approve it without question.For these reasons, we strongly recommend that updates be +cryptographically authenticated by means transaction signatures (TSIG). +That is, the allow-update option should list only +TSIG key names, not IP addresses. Alternatively, the new +update-policy option can be used.
Some sites choose to keep all dynamically updated DNS data in a subdomain and delegate that subdomain to a separate zone. This diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index 74f51ea56c..584b57c5ac 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -75,17 +75,17 @@ CLASS="TOC" >
.
[RFC974] C. Partridge, [RFC1034] P.V. Mockapetris, [RFC1035] P. V. Mockapetris, [RFC2181] R., R. Bush Elz, [RFC2308] M. Andrews, [RFC1995] M. Ohta, [RFC1996] P. Vixie, [RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound, [RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington, [RFC1886] S. Thomson and C. Huitema, [RFC2065] D. Eastlake, 3rd and C. Kaufman, [RFC2137] D. Eastlake, 3rd, [RFC1535] E. Gavron, [RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller, [RFC1982] R. Elz and R. Bush, [RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris, [RFC1706] B. Manning and R. Colella, [RFC2168] R. Daniel and M. Mealling, [RFC1876] C. Davis, P. Vixie, T., and I. Dickinson, [RFC2052] A. Gulbrandsen and P. Vixie, [RFC2163] A. Allocchio, [RFC2230] R. Atkinson, [RFC1101] P. V. Mockapetris, [RFC1123] Braden, [RFC1591] J. Postel, [RFC2317] H. Eidnes, G. de Groot, and P. Vixie, [RFC1537] P. Beertema, [RFC1912] D. Barr, [RFC1912] D. Barr, [RFC2010] B. Manning and P. Vixie, [RFC2219] M. Hamilton and R. Wright, [RFC1464] R. Rosenbaum, [RFC1713] A. Romao, [RFC1794] T. Brisco, [RFC2240] O. Vaughan, [RFC2345] J. Klensin, T. Wolf, and G. Oglesby, [RFC2352] O. Vaughan, [RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni, Paul Albitz and Cricket Liu, Proposed Standards Still Under Development
Other Important RFCs About DNS
Resource Record Types
DNS
DNS
Other DNS
Obsolete and Unimplemented Experimental RRs
A.4.3. Other Documents About BIND
Bibliography