DNS Server on SLES

Introduction

One of the most important, but least configured services in a modern network is the DNS Server. A properly configured DNS Server will not only allow you to work with computer names instead of IP addresses, but may speed up your Internet queries and give your network speedy name resolutions which may improve your overall network speed. When dealing with Unix based servers, a properly configured DNS server is a must.

With SUSE Linux (and YaST in particular), it is very easy to build and maintain a DNS server for your network. On most Linux systems, BIND (the DNS Server Software that SLES uses) is configured through a few simple text files, specifically named.conf and a text file for every zone that your server handles. Unfortunately, because of formatting and syntax, these text files can sometimes be very tricky to construct correctly; I have spent many hours mulling over DNS configuration files trying to figure out why BIND won't work.

YaST allows you to graphically enter all the relevant information you need for your zones, then it will actually construct the named.conf file and all your zone files for you. In fact, I think it is so intuitive that I have actually used YaST to construct a few zone files for use on other Linux Distributions. Again, if you want to edit the configuration files yourself, SUSE Linux will let you work that way, but for the non-DNS experts out there, I will show you how to configure just about every aspect of DNS through YaST.

Stepping Through the Wizard

Upon first starting YaST's DNS module, if you haven't installed all the required libraries and programs, YaST may prompt you for the installation CDs/DVD. Once all the software is installed, it will launch a basic "wizard" that will walk you through a very basic DNS setup. All of the options presented during the Wizard are available for modification through YaST's DNS module after the Wizard has run, so you can adjust any of these options at any time.

DNS Wizard Step 1: Setting DNS Forwarders

The first screen of the Wizard allows you to enter any Forwarders that your DNS server will use. A Forwarder is simply the IP address of a server that handles all external DNS queries for your network. A DNS server will "cache" all name information it processes and will use that cache to answer any subsequent queries for the same information. Setting a forwarder for your Server will allow a single DNS server to have what is called a "rich cache" on your network, thus limiting the number of queries sent outside of your network.

Basically what happens during a DNS query is that the DNS server will check its records for the answer, then it will check its "cache" for the answer. If it cannot find the answer in its own cache and a forwarder list is specified, it will ask the forwarders for the answer. If the forwarders do not provide the answer, then the DNS server will query the root servers to start to look for the answer.

Forwarders do provide some good features, especially if they are located on a higher bandwidth network than the bandwidth you have to the Internet. A common practice is to use your ISP's DNS servers as forwarders.

DNS Wizard Step 2: Adding DNS Zones

The second step of the Wizard allows you to create DNS "zones" for your network. DNS zones are the "nuts and bolts" of your server. The information provided by the zones is what makes DNS useful for local queries and provides the correct information over the Internet. Some of you may be thinking that since your local network only uses private IP addresses, setting up a local zone would not make much sense. Granted, you will not be providing any information over the Internet, but creating a zone for your local network does have many advantages, especially if you implement DHCP.

In order to use your DNS server for local resolutions it is necessary to create a "Master Zone". Master zones will hold quite a bit of information including a database of computer names to IP Addresses. When you create this zone you will need to name it something, with "example.com" being the default example. If you have a registered Domain, go ahead and use that name for your Master zone (even if you are not going to open your DNS servers to the Internet). If you don't have a registered Domain you can simply choose a simple name; in this guide I will use "private.lan".

Along with a specified "Master Zone", you will want to create what is called a "Reverse Name Lookup Zone" that will provide "reverse queries" to your DNS server. What this means is that if you ask your DNS server what computer is at IP Address 10.0.0.216 it will provide you with the FQDN for that computer.

To create a Reverse Name lookup zone, simply create another "Master Zone", but the name of the master zone must be specified in a certain way; an example is a zone named "1.168.192.in-addr.arpa" for the 192.168.1.X addresses. Later on I will show you how to add actual computer information into these zones, but for now just add the primary DNS zone for your network and a reverse zone and continue on.

DNS Wizard Step 3: Other Options

The final step of the DNS Wizard allows you to adjust the Firewall, enable LDAP support and choose whether or not the DNS Server will start at boot time. The Firewall and Startup options should be obvious for your network. The LDAP option, however, does require some thought. Basically it comes down to this: if you want to utilize the integrated SLES MailServer you MUST enable LDAP support for the DNS Server and have a working LDAP Server (see the installation section). If you do not need the MailServer options then it is up to you whether or not you want to store your DNS records within your LDAP Server.

Configuring the DNS Server

The DNS Server (Bind) is configured in two areas - first you configure the main "server" in how it will operate and communicate with DNS clients and other servers, then you add your "data" into zones so the DNS Server can provide appropriate information about your network.

This section will cover how to configure the main server so it will communicate properly with other clients and servers, as well as "fine tune" the server for your environment. Many of the options here you probably already configured through the DNS Wizard.

DNS Startup Options and DNS Server Basic Options

Start-Up - This tab allows you to configure how the server is started and ensures that the appropriate firewall rules are in place to allow clients to communicate with the server. The main thing to be aware of is that at least the firewall port on the Network Interface connected to your local network must be open. Also, if you want to use LDAP with the DNS Server, ensure that it is checked (needed for the YaST Mail Server Module).

Forwarders - This tab allows you to enter any "Forwarders" - other DNS servers your server will query if it does not have the "answer" within its cache. Normally, you will enter your ISP's DNS servers here.

Basic Options - This tab allows you to fine-tune your server to ensure that it will communicate correctly with clients and allows you to customize how the DNS server runs depending upon your network. There are quite a few options available that you can specify; see the DNS Parameters Reference section.

Logging - By default the DNS Server will log all errors to the System Log; if you want to change this, use this tab. Here you can specify a file to log errors to, as well as specify additional "triggers" to log, such as Zone Updates and Transfers as well as DNS Queries. This can be helpful in troubleshooting DNS problems.

ACLs - This tab allows you to specify Access Control Lists (ACLs) that you can utilize with the different DNS Zones that you will create. Usually these are used when allowing zone transfers to another DNS Server or client. The values are surrounded by '{ }' and can contain IP addresses and/or IP subnets (e.g. 192.168.1.0/24).

TSIG Keys - This tab allows you to create or add TSIG keys you can use for your DNS zones. TSIG Keys are usually used to authenticate DHCP Servers to allow for Dynamic DNS updates. I will cover this in a later section.

Notes on the SLES DNS Server Implementation

SLES10, for security reasons, will run the DNS Server in a "chroot jail" that is located at /var/lib/named. This is done so that a security breach of the DNS server only affects the DNS Service. You can adjust this behavior with the "/etc/sysconfig Editor" YaST Module located in the "System" category. Here you can adjust the following DNS options:

NAMED_RUN_CHROOTED - Allows you to disable running the DNS Server within a chroot jail

NAMED_ARGS - Additional options you can add when starting the DNS Server.

NAMED_CONF_INCLUDE_FILES - Any additional files you may need copied to the chroot jail when named is started.

NAMED_INITIALIZE_SCRIPTS - Any scripts that you want to be run when the DNS Server is (re)started can be listed here.

Adding Records to DNS Zones

Up until now you have configured the DNS Server to simply be a "Caching" DNS Server, which will answer your queries if it has the answer in its "cache" or query its forwarders to get the answer for you. Now we will create DNS Zones on your server to allow the DNS Server to provide answers regarding your local network.

You do not need to have a registered domain name, or even provide these zones outside of your network on the Internet. In these examples, I will use the "private.lan" Domain Name for the local network (which cannot be provided over the Internet). Providing a private "zone" will allow you to maintain a database of local computer names to IP addresses for your network so you can use computer names instead of IP addresses for all of your network services, such as Printing, NFS, web, etc. If you do have a Registered Domain Name, feel free to use that instead; you can even provide DNS Queries over the Internet (if you want and are configured to do so).

Editing DNS Zones and Basic Options for the Zone

The first step in creating a DNS Zone is to go to the "DNS Zones" Tab within the YaST DNS Server module and enter a name for a master zone, then click on "Add". Once the zone is added to the Configured DNS Zones list, highlight it and click on Edit. This will open the Zone Editor, which provides a few tabs so you can add records to the zone.

Basics Tab

The Basics tab allows you to specify a few security features to your zone. These features allow you to control what clients or servers can either transfer your zone (through ACLs) or which servers can update your DNS records through Dynamic updates. Both of these features will be covered in a later section.

NS and MX Records Tabs

The next tabs allow you to specify the Name Server records and the Mail Server records for the zone. Normally you simply enter the computer name of your server here and when you click on add, the module will automatically add the correct zone information for you. Note that you must enter an "A record" here and not a "CNAME record" (covered later) to be in compliance with the DNS standards.

Defining the Name Server and the Mail Records for the Zone

The MX Records tab has an additional entry called Priority. This allows you to specify which mail server is the preferred mail server for your zone when you have multiple mail servers listed. The lower the priority number the more preferred the mail server will be.

The Start of Authority (SOA) Tab

This tab allows you to define certain parameters that affect the zone, such as:

Serial - Used to tell the software that the configuration has changed. This number will be autogenerated by Yast when it writes the configuration.

TTL - Specifies the default Time to Live for records within the Zone.

Refresh - Sets how often the Zone should be synchronized from the Master Server to the Slave Server(s).

Retry - Sets the amount of time the Slave Server(s) try to sync to the Master Server if the sync fails.

Expiration - Amount of time after which the zone will expire on a Slave Server; the server will stop responding to queries until it once again synchronizes.

Minimum - Amount of time the Slave Server(s) should cache negative answers to responses (name resolution failures).

Adjusting the Zones SOA and Adding Records to the Zone

The Records Tab

The records tab is where you enter all the relevant information about your network, the computer names to IP Addresses as well as computer aliases. The two main types of records you will work with here are "A" (Address) records and "CNAME" (Canonical Names).

Address Records are simply entered with the computer name being the "Record Key" and the "Value" being its IP Address. CNAME Records are entered as the "Record Key" being the Alias name you want to use and the "Value" being the computer name for the alias. Note that you must enter an "A" record for any computer name you will create an Alias for.

Some CNAME records you may want to create are for "mail" as well as "ns1", "ns2", etc. for every Name Server you have on your network. This allows for standard computer names to be used in lieu of the correct hostname of the server which provides the standard service.

Creating Reverse Zones

Now you should have a DNS Server that will return an IP Address when you query it with the Domain Name. The next step is to enter a zone so your DNS Server will return a FQDN when you query the server with an IP Address. To do this you must create a Reverse Zone on your DNS Server.

To create the reverse zone, you must first figure out the correct name for it. The standard name for a reverse zone would be XXX.in-addr.arpa, where XXX is the transposed network address - for instance a network containing 192.168.1.X addresses would be 1.168.192.in-addr.arpa, while a network containing 172.16.X.X addresses would be 16.172.in-addr.arpa. Once you have the name, you would create the DNS Zone as you would a standard zone and Yast will automatically treat it as a reverse zone.

Entering the Reverse DNS Server and Adding Records to the Reverse Zone

Once you create the zone and click on "Edit", you will be able to enter the records pertaining to your network. There are only 2 types of records that you need to enter: the first is the list of name servers (as reverse records), and the second is "Pointer Records", which are entered in the "Records" Tab.

To enter Pointer Records, the "Record Key" will be the part of the IP Address not included in the zone name, and the "Value" will be the full domain name of the computer followed by a period (.). For instance the record for a computer at the IP Address 192.168.1.1 would have a "Record Key" of "1" and a Value of "computername.private.lan." - or whatever the name of the domain is that you will use. Note that for every reverse record there should be only 1 answer. So if you have multiple domains on your network (usually used for virtual hosts for HTTP and Mail servers) only enter the primary DNS Zone for your network.
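The naming rules from this section, worked through in Python as an added example (it is not part of the original guide or of YaST). It derives the reverse zone name and the "Record Key"/"Value" pairs from forward records and reports addresses that would get more than one answer; the host names and addresses in A_RECORDS are constructed sample data, and only /8, /16 and /24 IPv4 networks are handled.

```python
import ipaddress


def reverse_zone_name(network):
    """Zone name for an IPv4 network that ends on an octet boundary (/8, /16, /24)."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{network}: only /8, /16 and /24 IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_record(network, address, fqdn):
    """Return (Record Key, Value) for one host, as entered in the Records tab."""
    net = ipaddress.ip_network(network)
    addr = ipaddress.ip_address(address)
    if addr not in net:
        raise ValueError(f"{address} is not inside {network}")
    # The key is the part of the address not covered by the zone name, reversed.
    host_octets = str(addr).split(".")[net.prefixlen // 8:]
    key = ".".join(reversed(host_octets))
    # The value is the full domain name with exactly one trailing period.
    return key, fqdn.rstrip(".") + "."


def build_reverse_zone(network, a_records):
    """Turn forward (fqdn, ip) pairs into PTR records plus a list of problems."""
    zone = reverse_zone_name(network)
    net = ipaddress.ip_network(network)
    ptrs, problems = {}, []
    for fqdn, ip in a_records:
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{fqdn}: {ip} is outside {network}, needs another reverse zone")
            continue
        key, value = ptr_record(network, ip, fqdn)
        if key in ptrs:
            # One answer per reverse record: keep the first name, report the rest.
            problems.append(f"{ip}: already points to {ptrs[key]}, skipped {value}")
            continue
        ptrs[key] = value
    return zone, ptrs, problems


# Constructed sample data: the primary zone's hosts come first, so they win.
A_RECORDS = [
    ("server1.private.lan", "192.168.1.1"),
    ("ws216.private.lan", "192.168.1.216"),
    ("www.example.lan", "192.168.1.1"),      # virtual host on the same address
    ("printer.private.lan", "192.168.2.5"),  # belongs to a different /24
]

if __name__ == "__main__":
    zone, ptrs, problems = build_reverse_zone("192.168.1.0/24", A_RECORDS)
    print(zone)
    for key, value in ptrs.items():
        print(f"  {key}\tPTR\t{value}")
    for line in problems:
        print("  problem:", line)
```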

Testing Your DNS Zones

After you enter all of the DNS zones you will use into your DNS Server, you will want to check the Server to ensure that it is working properly. To do this, you could go to another computer and try to "ping" another computer on your network using its domain name instead of IP Address, or you could utilize the DNS Utility "Dig" (available on most GNU/Linux Distributions).

Testing the DNS Zones using Dig

To do a basic DNS Test using dig simply type the following:

dig @dns_ipaddr computer.private.lan

to check for standard records and the following to check for reverse records:

dig @dns_ipaddr -x IPADDR

An alternative method to check your DNS Servers is to use the GNOME Network Tools which should also be available for any GNU/Linux Distribution.

Configuring a Secondary DNS Server

For larger networks, and for redundancy it is beneficial to configure another server to act as a secondary DNS Server. Using SLES, this is very easy to accomplish using the Yast DNS Server module.

Creating an ACL and Using the ACL for DNS Zone Transport

Configuring the Main DNS Server

The first step in configuring a Secondary DNS Server is to make a few adjustments to the Primary DNS Server. These steps are:

  1. Create an ACL for zone transport: This allows you to securely ensure that only your secondary DNS Server can transfer the DNS Zone. To do this launch the YaST DNS Module on your Primary DNS Server and go to the "ACLs" section. To add an ACL to use, simply name it something informative, such as sec_dns, and enter either the IP Address of the server you will use for the Secondary DNS server, or enter the IP Address of your network (e.g. "{ 192.168.1.0/24; }").
  2. Enable the ACL you created within the DNS Zone(s): Edit the DNS Zones you are going to transport and check "Enable Zone Transport" and select the ACLs you will use.
  3. Create the "A" (Address) and "CNAME" records for the Secondary DNS Server: it is common practice to create a CNAME record for your Secondary Name Servers using "ns2". Also ensure you enter a PTR record in your reverse zone.
  4. Add the Secondary DNS Server to the NS Records.

Entering the Record for the Secondary Server and Adding the "NS" Record for that server

Configuring the Secondary Name Server

Once you configure the Primary Name Server to allow zone transfers and add the records for the Secondary Name Server, you will want to launch the DNS Server YaST Module on the Secondary Name Server.

Adding and Adjusting a "Slave" DNS Zone Using the DNS Wizard on the Secondary Server

Upon first launching the DNS Server, you will be presented with the DNS Wizard. The configuration will be similar to the main DNS Server; the only difference is that when you create the DNS Zones, you must specify that they are slave zones. When you hit the "Add" button you will be presented with a dialog asking you for the IP Address of the Primary DNS Server; simply enter it and you are done. Note that you can also set up zone transport on this screen, which may allow you an added layer of security if you need to allow other servers to transfer the DNS zones (as opposed to allowing them to transfer the Zones directly from your Primary DNS Server).

Test your Secondary Name Servers

Follow the procedures in the previous section to test your secondary name servers (e.g. dig @sec_ns_ipaddr servername.private.lan).

Testing the Secondary DNS Server and Ensuring the Reverse Zone Also Works Properly

Dynamic DNS

To alleviate the work of manually entering all of the computer names and IP Addresses into your DNS Zones, you can enable what is known as Dynamic DNS. What this will do is allow your DHCP Server to automatically modify your DNS Zones with the IP Addresses it "Leases" out to computers and other devices.

Some people consider this a godsend, while others do not like it much; it really depends upon how much control you want over your network. When deployed correctly (and properly separated out within your network), Dynamic DNS can be a nice addition to your network.

What I usually like to do is have most of the computers that are stationary within an organization automatically get an IP Address that I specify with DHCP (see "Manually Assigning DHCP Addresses"). Then I like to have a separate "Subnet" that is specifically created for automatically assigned IP Addresses which are then dynamically written to the DNS Zones. This way you can quickly scan that subnet and get hostnames back to see if any "unknown" devices are accessing the network.

Creating a TSIG Key and Configuring Zones

To set up Dynamic DNS, you must first create what is called a TSIG Key. This is simply a file that allows the DNS and DHCP Server to "securely" modify the records of the other server. You can create this key from within both the DNS and DHCP YaST Modules, although I will show you how to create it within the DNS module here.

Creating a TSIG Key and Updating the DNS Zones to Use the Key for Dynamic Updates

To create the TSIG key within the DNS Module, click on the "TSIG keys" tab. This will allow you to easily generate the key. What you need to do is simply generate a key using a "Key ID" that can be anything and put the file into a directory that will be accessible by both servers. Normally you simply use the /etc/named.d/ directory.

Once you create the key, you must then enable the key within every zone that you want to have dynamic updates to its records. Simply open the zone with the Zone Editor (under the DNS Zones tab), then check the "Allow Dynamic Updates" checkbox and select the appropriate key. Make sure that you also do the same for the Reverse Zone.
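A way to check the result of both the zone transport ACL step and the dynamic update step, as an added Python example that is not part of the original guide or of YaST. It reads named.conf-style text and reports master zones whose allow-transfer is unset, open to "any" or open to a whole subnet, and zones whose allow-update is granted by address instead of by TSIG key; the SAMPLE configuration, the key name "dhcp-dns" and the finding labels are constructed for illustration.

```python
import ipaddress
import re

# Quoted strings and comments are matched first, so "//" inside a secret is not a comment.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*|[{};]|[^\s{};"]+', re.S)


def tokenize(text):
    """Split named.conf text into words, braces and semicolons, dropping comments."""
    return [t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#"))]


def parse(tokens, pos=0):
    """Parse one brace level into [(words, block_or_None), ...] plus the next position."""
    stmts, words, block = [], [], None
    while pos < len(tokens):
        tok = tokens[pos]
        if tok == "{":
            block, pos = parse(tokens, pos + 1)
            continue
        if tok == "}":
            return stmts, pos + 1
        if tok == ";":
            if words or block is not None:
                stmts.append((words, block))
            words, block = [], None
        else:
            words.append(tok.strip('"'))
        pos += 1
    return stmts, pos


def members(block, acls, seen=()):
    """Flatten an address match list, following named ACLs (cycles are not followed)."""
    out = []
    for words, inner in block or []:
        item = " ".join(words)
        if not words and inner:                      # nested { ...; } list
            out += members(inner, acls, seen)
        elif item in acls and item not in seen:
            out += members(acls[item], acls, seen + (item,))
        else:
            out.append(item)
    return out


def classify(item):
    """Return 'any', 'none', 'key', 'host', 'subnet' or 'other' for one list element."""
    if item in ("any", "none"):
        return item
    if item.startswith("key "):
        return "key"
    try:
        net = ipaddress.ip_network(item, strict=False)
    except ValueError:
        return "other"      # localhost, localnets, negations, undefined ACL names
    return "host" if net.num_addresses == 1 else "subnet"


def audit(conf):
    """Return [(zone, finding), ...] for every master zone in the configuration text."""
    stmts, _ = parse(tokenize(conf))
    acls = {w[1]: b for w, b in stmts if w[:1] == ["acl"] and len(w) > 1}
    options = next((b for w, b in stmts if w == ["options"]), None) or []
    server_wide = {w[0]: b for w, b in options if w}
    findings = []
    for words, block in stmts:
        if words[:1] != ["zone"] or len(words) < 2 or block is None:
            continue
        zone = words[1]
        opts = {w[0]: (w[1:], b) for w, b in block if w}
        if opts.get("type", ([], None))[0] != ["master"]:
            continue
        # A zone-level allow-transfer wins; otherwise use the one in options, if any.
        xfer = opts.get("allow-transfer", (None, server_wide.get("allow-transfer")))[1]
        if xfer is None:
            findings.append((zone, "transfer-unset"))
        for item in members(xfer, acls):
            if classify(item) in ("any", "subnet"):
                findings.append((zone, "transfer-" + classify(item)))
        update = opts.get("allow-update", (None, None))[1]
        for item in members(update, acls):
            if classify(item) not in ("key", "none"):
                findings.append((zone, "update-by-address"))
    return findings


# Constructed sample, not output copied from YaST; the secret is a placeholder.
SAMPLE = """
acl sec_dns { 192.168.1.0/24; };      # whole network instead of the secondary's address
key "dhcp-dns" { algorithm hmac-sha256; secret "PLACEHOLDER-NOT-A-REAL-KEY"; };
zone "private.lan" in {
    type master;
    allow-transfer { sec_dns; };
    allow-update { key "dhcp-dns"; };
};
zone "1.168.192.in-addr.arpa" in {
    type master;
    allow-update { 192.168.1.10; };   /* address-based, no TSIG key */
};
"""

if __name__ == "__main__":
    print("\n".join(f"{zone}: {finding}" for zone, finding in audit(SAMPLE)))
```

Narrowing sec_dns to the secondary server's own address and selecting the TSIG key on the reverse zone as well clears all three findings for the sample.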

Enabling DHCP for Dynamic DNS

Once you enable Dynamic Updates within the DNS Server, you now have to enable the DHCP server to write to the DNS Zones. To do this you must enter the "Expert Settings" tab (if you haven't already done so). Be aware that once you enter the Expert Settings tab you will no longer be able to go back to the standard interface (although all the functionality is still present).

Using the DHCP Expert Settings Interface to Enable Dynamic DNS within the Subnet Config Screen

From within the Expert Settings interface, you will want to highlight the subnet that you want to enable Dynamic DNS to, then click on "Edit". On this screen there is a button named "Dynamic DNS", go ahead and press it.

The first dialog that should come up is the screen where you specify the TSIG Key. If not, you can access this screen using "Advanced - TSIG Key Management" from the Expert Settings Interface. Simply browse for the Key you created and click on Add.

Specifying the TSIG Key for the DHCP Server and Enabling Dynamic DNS within the Subnet

Once you have added the TSIG Key, you will have access to the Dynamic DNS Interface Configuration Screen. Here you need to specify which TSIG Keys to use (if you have multiple ones), then specify which zones to update (ensure you add a period (.) at the end of the zones) as well as the IP Address of the DNS Server.

Once you finish with these settings, go ahead and close the Yast module and both the DNS and DHCP servers should automatically be restarted. The only thing left to do is restart a DHCP Client and check the DNS records to see if Dynamic DNS is working properly.

DNS Parameters Reference

When fine-tuning your DNS Server, you may have to add additional parameters to the server in order to get it to function properly. Here is a list of the parameters available and a quick description of what they do. You can enter these within the "Basic Options" Tab of the Yast DNS Server Module.

For further information on DNS Software, check out the Bind website at http://www.isc.org/index.pl?/sw/bind/.

additional-from-auth - This option controls the behavior of an authoritative server when answering queries which have additional data.
additional-from-cache - This option disables the use of the cache for additional data lookups.
allow-query - When set the server will only accept queries from the listed Addresses/ACLs.
allow-recursion - When set the server will only accept recursive queries from the listed Addresses/ACLs.
allow-transfer - Defines the Addresses/ACLs that will be allowed to transfer zones; this can also be set within specific zones.
also-notify - Tells the server to also send DNS NOTIFY messages to these servers (in addition to the servers listed in the zone's NS records).
auth-nxdomain - Set this to "yes" to have the server set the authoritative bit in the message header for non-existent domain responses. The default is "yes" to ensure compatibility with older servers.
blackhole - Specifies networks that the server will never query or respond to a query from. This is only used as an extreme counter-measure.
check-names - Used to restrict the character set and syntax of certain domain names in master files and/or DNS responses received from the network.
cleaning-interval - Sets the interval when the server scans its cache for expired TTL records. Defaults to every 60 minutes.
coresize - Sets the max size of a core dump.
datasize - Sets the max amount of data memory the server may use.
deallocate-on-exit - Determines whether or not to enable checking for memory leaks on exit. (Obsolete)
dialup - Set this option to "yes" to optimize the server for a dial-on-demand connection (ISDN etc.).
directory - Defines the default directory for the server.
dump-file - Defines the path to the named_dump.db file.
fake-iquery - Set this to "yes" to have the server send a fake answer when it receives an outdated "inverse query". Defaults to "no".
fetch-glue - Set this to "yes" to have the server automatically try to resolve the domain names of any name servers in NS records. Defaults to "no". (Obsolete)
files - Sets the max number of files the server may have open.
forward - Sets how the server utilizes forwarders. Set to "first" to query the forwarders first. Set to "only" to only use the forwarders.
forwarders - Sets forward servers. See the previous section for a graphical way to specify forwarders.
has-old-clients - Set to "yes" to set other values as follows: auth-nxdomain to "yes", rfc2308-type1 to "no", maintain-ixfr-base to "yes". Defaults to "no".
heartbeat-interval - Used in conjunction with the dialup option to define when the server should conduct zone maintenance. Defaults to 60 min.
host-statistics - Set to "yes" to keep statistics for every host that the server interacts with. (Obsolete)
host-statistics-max - Sets the max number of host statistic entries to be kept. (Obsolete)
hostname - Sets the hostname the server should report via a query of the name hostname.bind (with type TXT class CHAOS). Defaults to machine hostname, set to none to disable these queries.
interface-interval - Sets the interval that the server will scan for new network interfaces to listen on. Defaults to 60 minutes - set to "0" if you also run gated on your server.
lame-ttl - Defines how long lame server indications should be cached. Defaults to 10 minutes with a max of 30 minutes.
listen-on - Sets which interfaces and ports the server will answer queries from. Defaults to port 53 on all interfaces.
listen-on-v6 - Same as listen-on but for IPv6.
maintain-ixfr-base - Set this to "yes" to have the server maintain an update history file for outdated slaves. Default is "no".
match-mapped-addresses - Set this to "yes" so an IPv4-mapped IPv6 address will match any address match list entries that match the corresponding IPv4 address.
max-cache-size - Sets the max amount of memory to use for the server's cache.
max-cache-ttl - Sets the max time for which the server will cache ordinary answers. Defaults to 7 days.
max-refresh-time - Option controls the server's behavior on refreshing a zone. You should normally use SOA entries.
max-retry-time - Option controls the server's behavior on retrying a zone. You should normally use SOA entries.
max-transfer-idle-in - Maximum time allowed for Inbound zone transfers making no progress (thus will be terminated). Defaults to 120 min.
max-transfer-idle-out - Same as above except for Outbound connections. Defaults to 60 min.
max-transfer-time-in - Maximum time a slave server waits for a master server to complete an inbound zone transfer. Defaults to 120 min.
max-transfer-time-out - Same as above except for Outbound Connections. Defaults to 120 min.
memstatistics-file - Defines the path to the named.memstats file.
min-refresh-time - Option controls the server's behavior on refreshing a zone. You should normally use SOA entries.
min-retry-time - Option controls the server's behavior on retrying a zone. You should normally use SOA entries.
min-roots - Sets the min number of root servers that is required for a request for the root servers to be accepted. Default is 2.
minimal-responses - Set to "yes" so the server will only add records to the authority and additional data sections when they are required. Default is "no".
multiple-cnames - Set this to "yes" to allow a domain name to have multiple CNAME records in violation of the DNS standards. (Obsolete)
named-xfer - Defines the path to the named-xfer program. (Obsolete)
notify - Used to control whether or not the DNS NOTIFY protocol is used.
pid-file - Defines the path to the named.pid file.
port - Defines the UDP/TCP port number the server uses for DNS protocol traffic.
preferred-glue - Used to control whether or not the listed type (A or AAAA) will be emitted before other glue in the additional section of a query response. Default is "no".
provide-ixfr - This setting determines whether the local server (acting as a master) will respond with an incremental zone transfer when the given remote server (slave) requests it.
query-source - Sets your server to start its queries from a specific address and port. For example "address 192.168.0.1 port 53;"
random-device - Defines the source of entropy to be used by the server.
recursion - Sets whether or not your server can act as a recursive server. Values are "yes" or "no" with the default of "yes" since most servers are recursive.
recursive-clients - Sets the max number of recursive lookups the server will perform on behalf of clients. Defaults to 1000.
request-ixfr - This setting determines whether the local server (acting as a slave) will request incremental zone transfers from the given remote server.
rfc2308-type1 - "Negative Caching of DNS Queries" - Defines response types for negative information. Defaults to "no" for compatibility with older programs.
rrset-order - Allows you to change the shuffle order for queries with more than one answer. Options are "cyclic", "random" or "fixed". Defaults to "cyclic" (or round-robin).
serial-queries - Defines max number of concurrent SOA requests the slave server allows. Defaults to 4. (Obsolete; use serial-query-rate)
serial-query-rate - Defines the max number of queries that will be sent per second. Defaults to 20.
sig-validity-interval - Defines the number of days a signature will be considered valid. Defaults to 30 days.
sortlist - Organizes records in a Round Robin set.
stacksize - Sets the max amount of stack memory the server may use.
statistics-file - Defines the path to the named.stats file.
statistics-interval - Sets the interval that the server will write statistics to the statistics file. Defaults to 60 minutes.
suppress-initial-notify - Not yet implemented.
tcp-clients - Sets the max number of simultaneous client TCP connections that the server will accept. Defaults to 100.
tkey-dhkey - Defines the Diffie-Hellman key used by the server to generate shared keys with clients using the Diffie-Hellman mode of TKEY.
tkey-domain - Defines the domain appended to the names of all shared keys generated with TKEY.
topology - Allows you to specify which server should be queried first for domains with multiple authoritative name servers. Use only for very unique network configurations.
transfer-format - Tells the server if it is allowed to put more than one answer in a single message. Values should be "one-answer" or "many-answers". Defaults to "one-answer".
transfer-source - Defines the address of the Network Interface that should be used for zone transfers. Can also be set in zone.
transfers-in - Defines max number of inbound zone transfers that can be running at any time. Defaults to 10.
transfers-out - Defines the max number of outbound zone transfers that can be running at any time. Defaults to 10.
transfers-per-ns - Defines max number of simultaneous transfers allowed from a remote server. Defaults to 2.
treat-cr-as-space - Set this to "yes" if you create the zone file on a computer running Microsoft Windows software (which adds carriage returns). Defaults to "no". (Obsolete)
use-id-pool - Sets the name server to ensure that it uses random message IDs in queries. (Obsolete)
use-ixfr - Obsolete.
version - Sets the version the server should report via a query of the name version.bind (with type TXT class CHAOS). Defaults to running version. Set to "none" to ignore query.
zone-statistics - Set this to "yes" to tell the server to collect statistical data on all zones.


© 2017 Mike Petersen - All Rights Reserved