100.
The maximum amount of memory to use for the -server's cache, in bytes. When the amount of data in the cache +
+The maximum amount of memory to use for the
+server's cache, in bytes.
+When the amount of data in the cache
reaches this limit, the server will cause records to expire
-prematurely so that the limit is not exceeded. In a server with
-multiple views, the limit applies separately to the cache of each
-view. The default is unlimited, meaning that
-records are purged from the cache only when their TTLs expire.
+prematurely so that the limit is not exceeded.
+A value of 0 is special, meaning that
+records are purged from the cache only when their
+TTLs expire.
+Another special keyword unlimited
+means the maximum value of 32-bit unsigned integers
+(0xffffffff), which may not have the same effect as
+0 on machines that support more than 32 bits of
+memory space.
+Any positive values less than 2MB will be ignored reset
+to 2MB.
+In a server with multiple views, the limit applies
+separately to the cache of each view.
+The default is 0.
The listen queue depth. The default and minimum is 3. @@ -2826,7 +2838,7 @@ For more details, see the description of
trusted-keys {stringnumbernumbernumberstring; [stringnumbernumbernumberstring; [...]] @@ -2835,7 +2847,7 @@ For more details, see the description ofThe trusted-keys statement defines @@ -2878,7 +2890,7 @@ For more details, see the description of
The view statement is a powerful new feature of BIND 9 that lets a name server answer a DNS query differently depending on who is asking. It is particularly useful for implementing @@ -3080,10 +3092,10 @@ zone
zone_name[
@@ -3196,7 +3208,7 @@ from forwarders. The zone's name may optionally be followed by a class. If a class is not specified, class
@@ -3211,7 +3223,7 @@ in the mid-1970s. Zone data for it can be specified with theIN(forInternet), is assumed. This is correct for the vast majority of cases.+Zone Options
- allow-notify
See the description of @@ -3459,7 +3471,7 @@ name, the rules are checked for each existing record type.
@@ -3469,7 +3481,7 @@ Since the publication of RFC 1034, several new RRs have been identified and implemented in the DNS. These are also included.A domain name identifies a node. Each node has a set of resource information, which may be empty. The set of resource information associated with a particular name is composed of @@ -3733,7 +3745,7 @@ used as "pointers" to other data in the DNS.
RRs are represented in binary form in the packets of the DNS protocol, and are usually represented in highly encoded form when stored in a name server or resolver. In the examples provided in @@ -3823,7 +3835,7 @@ each of a different class.
As described above, domain servers store information as a series of resource records, each of which contains a particular piece of information about a given domain name (which is usually, @@ -3940,7 +3952,7 @@ can be explicitly specified, for example,
1h30m.Reverse name resolution (that is, translation from IP address to name) is achieved by means of the in-addr.arpa domain and PTR records. Entries in the in-addr.arpa domain are made in @@ -3978,7 +3990,7 @@ that the example is relative to the listed origin.
The Master File Format was initially defined in RFC 1035 and has subsequently been extended. While the Master File Format itself is class independent all records in a Master File must be of the same @@ -3987,7 +3999,7 @@ class.
and $TTL.Syntax: $ORIGIN
domain-name[comment]$ORIGIN sets the domain name that will @@ -4002,7 +4014,7 @@ WWW CNAME MAIN-SERVER
Syntax: $INCLUDE
@@ -4026,7 +4038,7 @@ This could be construed as a deviation from RFC 1035, a feature, or both.filename[origin] [comment]Syntax: $TTL
@@ -4037,7 +4049,7 @@ with undefined TTLs. Valid TTLs are of the range 0-2147483647 seconds.default-ttl[comment]Syntax: $GENERATE
rangelhs[ttl] [class]typerhs[comment]$GENERATE is used to create a series of resource records that only differ from each other by an iterator. $GENERATE can diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index e2834966cf..535956fbe1 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -46,11 +46,11 @@Table of Contents
@@ -102,7 +102,7 @@ see the AUSCERT advisory at
- Access Control Lists
-- Chroot and Setuid (for +
- Chroot and Setuid (for UNIX servers)
- Dynamic Update Security
On UNIX servers, it is possible to run BIND in a chrooted environment (using the chroot() function) by specifying the "
-t" @@ -117,7 +117,7 @@ user 202:
/usr/local/bin/named -u 202 -t /var/namedIn order for a chroot environment to work properly in a particular directory (for example,
/var/named), @@ -142,7 +142,7 @@ to set up things likePrior to running the named daemon, use the touch utility (to change file access and modification times) or the chown utility (to diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index ecb2a3442b..b4577ba1ae 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -45,18 +45,18 @@Table of Contents
The best solution to solving installation and configuration issues is to take preventative measures by setting up logging files beforehand. The log files provide a @@ -66,7 +66,7 @@
Zone serial numbers are just numbers — they aren't date related. A lot of people set them to a number that @@ -89,7 +89,7 @@
The Internet Software Consortium (ISC) offers a wide range of support and service agreements for BIND and DHCP servers. Four levels of premium support are available and each level includes diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index e989a6dec2..907b23cbee 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -43,24 +43,24 @@Table of Contents
Although the "official" beginning of the Domain Name System occurred in 1984 with the publication of RFC 920, the @@ -277,17 +277,17 @@ the number of the RFC). RFCs are also available via the Web at
@@ -295,22 +295,22 @@ Specification. November 1987.Standards
-[RFC974] Mail Routing and the Domain System. January 1986.
+[RFC974] Mail Routing and the Domain System. January 1986.
Proposed Standards
-[RFC2181] Clarifications to the DNS Specification. July 1997.
+[RFC2181] Clarifications to the DNS Specification. July 1997.
-[RFC2308] Negative Caching of DNS Queries. March 1998.
+[RFC2308] Negative Caching of DNS Queries. March 1998.
-[RFC1995] Incremental Zone Transfer in DNS. August 1996.
+[RFC1995] Incremental Zone Transfer in DNS. August 1996.
-[RFC1996] A Mechanism for Prompt Notification of Zone Changes. August 1996.
+[RFC1996] A Mechanism for Prompt Notification of Zone Changes. August 1996.
-[RFC2136] Dynamic Updates in the Domain Name System. April 1997.
+[RFC2136] Dynamic Updates in the Domain Name System. April 1997.
-[RFC2845] Secret Key Transaction Authentication for DNS (TSIG). May 2000.
+[RFC2845] Secret Key Transaction Authentication for DNS (TSIG). May 2000.
@@ -321,85 +321,85 @@ Specification. November 1987. RFCs are undergoing major revision by the IETF.-[RFC1886] DNS Extensions to support IP version 6. December 1995.
+[RFC1886] DNS Extensions to support IP version 6. December 1995.
-[RFC2065] Domain Name System Security Extensions. January 1997.
+[RFC2065] Domain Name System Security Extensions. January 1997.
-[RFC2137] Secure Domain Name System Dynamic Update. April 1997.
+[RFC2137] Secure Domain Name System Dynamic Update. April 1997.
Other Important RFCs About DNS Implementation
-[RFC1535] A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993.
+[RFC1535] A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993.
Resource Record Types
-[RFC1706] DNS NSAP Resource Records. October 1994.
+[RFC1706] DNS NSAP Resource Records. October 1994.
-[RFC2168] Resolution of Uniform Resource Identifiers using +
[RFC2168] Resolution of Uniform Resource Identifiers using the Domain Name System. June 1997.
-[RFC1876] A Means for Expressing Location Information in the Domain +
[RFC1876] A Means for Expressing Location Information in the Domain Name System. January 1996.
-[RFC2052] A DNS RR for Specifying the Location of +
[RFC2052] A DNS RR for Specifying the Location of Services.. October 1996.
DNS and the Internet
-[RFC1101] DNS Encoding of Network Names and Other Types. April 1989.
+[RFC1101] DNS Encoding of Network Names and Other Types. April 1989.
-[RFC1123] Requirements for Internet Hosts - Application and Support. October 1989.
+[RFC1123] Requirements for Internet Hosts - Application and Support. October 1989.
DNS Operations
-[RFC1537] Common DNS Data File Configuration Errors. October 1993.
+[RFC1537] Common DNS Data File Configuration Errors. October 1993.
-[RFC1912] Common DNS Operational and Configuration Errors. February 1996.
+[RFC1912] Common DNS Operational and Configuration Errors. February 1996.
@@ -410,28 +410,28 @@ Conformant Global Address Mapping. January 1998 DNS-related, are not concerned with implementing software.-[RFC1464] Using the Domain Name System To Store Arbitrary String Attributes. May 1993.
+[RFC1464] Using the Domain Name System To Store Arbitrary String Attributes. May 1993.
-[RFC1713] Tools for DNS Debugging. November 1994.
+[RFC1713] Tools for DNS Debugging. November 1994.
-[RFC1794] DNS Support for Load Balancing. April 1995.
+[RFC1794] DNS Support for Load Balancing. April 1995.
-[RFC2240] A Legal Basis for Domain Name Allocation. November 1997.
+[RFC2240] A Legal Basis for Domain Name Allocation. November 1997.
-[RFC2345] Domain Names and Company Name Retrieval. May 1998.
+[RFC2345] Domain Names and Company Name Retrieval. May 1998.
-[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
+[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
@@ -451,14 +451,14 @@ after which they are deleted unless updated by their authors.Obsolete and Unimplemented Experimental RRs
-diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 3802003efb..02c0f1a987 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -150,54 +150,54 @@ UsageDNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
+DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
options Statement Definition and Usage server Statement Grammar server Statement Definition and Usage -trusted-keys Statement Grammar -trusted-keys Statement Definition + trusted-keys Statement Grammar +trusted-keys Statement Definition and Usage view Statement Grammar -view Statement Definition and Usage +view Statement Definition and Usage zone Statement Grammar -zone Statement Definition and Usage +zone Statement Definition and Usage -Zone File +Zone File
- Types of Resource Records and When to Use Them
-- Discussion of MX Records
+- Discussion of MX Records
- Setting TTLs
-- Inverse Mapping in IPv4
-- Other Zone File Directives
-- BIND Master File Extension: the $GENERATE Directive
+- Inverse Mapping in IPv4
+- Other Zone File Directives
+- BIND Master File Extension: the $GENERATE Directive
7. BIND 9 Security Considerations 8. Troubleshooting A. Appendices