17.2.2. Other Statement Types

17.2.2. Other Statement Types

The following is a list of lesser used statement types available within named.conf:

controls

Configures various security requirements necessary to use the rndc command to administer the named service.

Refer to Section 17.4.1, “Configuring /etc/named.conf to learn more about how the controls statement is structured and what options are available.

key "<key-name>"

Defines a particular key by name. Keys are used to authenticate various actions, such as secure updates or the use of the rndc command. Two options are used with key:

  • algorithm <algorithm-name> — The type of algorithm used, such as dsa or hmac-md5.

  • secret "<key-value>" — The encrypted key.

Refer to Section 17.4.2, “Configuring /etc/rndc.conf for instructions on how to write a key statement.

logging

Allows for the use of multiple types of logs, called channels. By using the channel option within the logging statement, a customized type of log can be constructed — with its own file name (file), size limit (size), versioning (version), and level of importance (severity). Once a customized channel is defined, a category option is used to categorize the channel and begin logging when named is restarted.

By default, named logs standard messages to the syslog daemon, which places them in /var/log/messages. This occurs because several standard channels are built into BIND with various severity levels, such as default_syslog (which handles informational logging messages) and default_debug (which specifically handles debugging messages). A default category, called default, uses the built-in channels to do normal logging without any special configuration.

Customizing the logging process can be a very detailed process and is beyond the scope of this chapter. For information on creating custom BIND logs, refer to the BIND 9 Administrator Reference Manual referenced in Section 17.7.1, “Installed Documentation”.

server

Specifies options that affect how named should respond to remote nameservers, especially with regard to notifications and zone transfers.

The transfer-format option controls whether one resource record is sent with each message (one-answer) or multiple resource records are sent with each message (many-answers). While many-answers is more efficient, only newer BIND nameservers understand it.

trusted-keys

Contains assorted public keys used for secure DNS (DNSSEC). Refer to Section 17.5.3, “Security” for more information concerning BIND security.

view "<view-name>"

Creates special views depending upon which network the host querying the nameserver is on. This allows some hosts to receive one answer regarding a zone while other hosts receive totally different information. Alternatively, certain zones may only be made available to particular trusted hosts while non-trusted hosts can only make queries for other zones.

Multiple views may be used, but their names must be unique. The match-clients option specifies the IP addresses that apply to a particular view. Any options statement may also be used within a view, overriding the global options already configured for named. Most view statements contain multiple zone statements that apply to the match-clients list. The order in which view statements are listed is important, as the first view statement that matches a particular client's IP address is used.

Refer to Section 17.5.2, “Multiple Views” for more information about the view statement.


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.