mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-16 17:19:44 -05:00
f63d72fb7e
Previously, the number of RRs in the RRSets were internally unlimited. As the data structure that holds the RRs is just a linked list, and there are places where we just walk through all of the RRs, adding an RRSet with huge number of RRs inside would slow down processing of said RRSets. Add a configurable limit to cap the number of the RRs in a single RRSet. This is enforced at the database (rbtdb, qpzone, qpcache) level and configured with new max-records-per-type configuration option that can be configured globally, per-view and per-zone. (cherry picked from commit 3fbd21f69a1bcbd26c4c00920e7b0a419e8762fc)
63 lines
3.1 KiB
Text
63 lines
3.1 KiB
Text
zone <string> [ <class> ] {
|
|
type ( master | primary );
|
|
allow-query { <address_match_element>; ... };
|
|
allow-query-on { <address_match_element>; ... };
|
|
allow-transfer { <address_match_element>; ... };
|
|
allow-update { <address_match_element>; ... };
|
|
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
|
|
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
auto-dnssec ( allow | maintain | off ); // deprecated
|
|
check-dup-records ( fail | warn | ignore );
|
|
check-integrity <boolean>;
|
|
check-mx ( fail | warn | ignore );
|
|
check-mx-cname ( fail | warn | ignore );
|
|
check-names ( fail | warn | ignore );
|
|
check-sibling <boolean>;
|
|
check-spf ( warn | ignore );
|
|
check-srv-cname ( fail | warn | ignore );
|
|
check-wildcard <boolean>;
|
|
database <string>;
|
|
dialup ( notify | notify-passive | passive | refresh | <boolean> );
|
|
dlz <string>;
|
|
dnskey-sig-validity <integer>;
|
|
dnssec-dnskey-kskonly <boolean>;
|
|
dnssec-loadkeys-interval <integer>;
|
|
dnssec-policy <string>;
|
|
dnssec-secure-to-insecure <boolean>;
|
|
dnssec-update-mode ( maintain | no-resign );
|
|
file <quoted_string>;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
|
|
inline-signing <boolean>;
|
|
ixfr-from-differences <boolean>;
|
|
journal <quoted_string>;
|
|
key-directory <quoted_string>;
|
|
masterfile-format ( map | raw | text );
|
|
masterfile-style ( full | relative );
|
|
max-ixfr-ratio ( unlimited | <percentage> );
|
|
max-journal-size ( default | unlimited | <sizeval> );
|
|
max-records <integer>;
|
|
max-records-per-type <integer>;
|
|
max-transfer-idle-out <integer>;
|
|
max-transfer-time-out <integer>;
|
|
max-types-per-name <integer>;
|
|
max-zone-ttl ( unlimited | <duration> );
|
|
notify ( explicit | master-only | primary-only | <boolean> );
|
|
notify-delay <integer>;
|
|
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
notify-to-soa <boolean>;
|
|
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
|
|
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
serial-update-method ( date | increment | unixtime );
|
|
sig-signing-nodes <integer>;
|
|
sig-signing-signatures <integer>;
|
|
sig-signing-type <integer>;
|
|
sig-validity-interval <integer> [ <integer> ];
|
|
update-check-ksk <boolean>;
|
|
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } );
|
|
zero-no-soa-ttl <boolean>;
|
|
zone-statistics ( full | terse | none | <boolean> );
|
|
};
|