The zone Statement

The zone statement identifies the zone being served, and defines the source of domain database information. There are four variants of the zone statement: one for the master server, one for the slave servers, one for the hints file, and a special one for forwarding. The syntax of each variant used on BIND 8 systems is shown in Listing B.5.

Listing B.5: BIND 8 zone Statement Syntax

zone domain_name [ in|hs|hesiod|chaos ] {
    type master;
    file pathname;
    [ forward only|first; ]
    [ forwarders { address-list; }; ]
    [ check-names warn|fail|ignore; ]
    [ allow-update { address_match_list }; ]
    [ allow-query { address_match_list }; ]
    [ allow-transfer { address_match_list }; ]
    [ notify yes|no; ]
    [ also-notify { address-list }; ]
    [ dialup yes|no; ]
    [ ixfr-base pathname; ]
    [ pubkey flags protocol algorithm key; ]
};

zone domain_name [ in|hs|hesiod|chaos ] {
    type slave|stub;
    [ file pathname; ]
    [ ixfr-base pathname; ]
    masters { address-list };
    [ forward only|first; ]
    [ forwarders { address-list; }; ]
    [ check-names warn|fail|ignore; ]
    [ allow-update { address_match_list }; ]
    [ allow-query { address_match_list }; ]
    [ allow-transfer { address_match_list }; ]
    [ transfer-source ip_addr; ]
    [ max-transfer-time-in number; ]
    [ notify yes|no; ]
    [ also-notify { address-list }; ]
    [ dialup yes|no; ]
    [ pubkey flags protocol algorithm key; ]
};

zone "." [ in|hs|hesiod|chaos ] {
    type hint;
    file pathname;
    [ check-names warn|fail|ignore; ]
};

zone domain_name [ in|hs|hesiod|chaos ] {
    type forward;
    [ forward only|first; ]
    [ forwarders { address-list; }; ]
    [ check-names warn|fail|ignore; ]
};

The zone statement starts with the keyword zone followed by the name of the domain. For the root cache, the domain name is always ".". The domain name is then followed by the data class. This is always in for Internet DNS service, which is the default if no value is supplied.

The type option defines whether this is a master server, a slave server, or the hints file for the root cache. A stub server is a slave server that loads only the NS records instead of the entire domain.

The file option for a master server points to the source file from which the zone is loaded. For the slave server, it points to the file to which the zone is written. In the root cache statement, the file option points to the hints file used to initialize the cache.

forward, forwarders, check-names, allow-query, allow-transfer, transfer-source, max-transfer-time-in, dialup, notify, and also-notify were all covered in the section on the options statement. Except for the scope of the options, they function the same here. When specified in a zone statement, these options apply only to the specific zone. When specified in the options statement, they apply to all zones. The specific settings for a zone override the global settings of the options statement.

There are a few options that haven't been discussed yet:

allow-update Identifies the hosts that are allowed to dynamically update the zone. By default, no remote system is allowed to modify the zone.

ixfr-base Defines the path to the file where incremental zone file transfers are stored. If you use incremental zone file transfers, upgrade to BIND 9 for a more stable implementation.

pubkey Defines the DNSSEC public encryption key for the zone when there is no trusted mechanism for distributing public keys over the network. pubkey defines the DNSSEC flags, protocol, and algorithm, as well as a base-64 encoded version of the key. The remote server that will be accessing this domain through DNSSEC defines the same settings using the trusted-key command described earlier in this appendix. If you must use encryption for DNS, don't use BIND 8; upgrade to BIND 9.
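The scoping rule described above (a setting in a zone statement overrides the same setting in the options statement) and the allow-update default are the two things most often misjudged when auditing a large named.conf by eye. The following Python is an added example, not code from the book or from BIND itself: it parses a constructed configuration that uses the master, slave, hint and forward variants, computes each zone's effective settings by inheriting only the zone-scoped options and then applying the zone's own statements, and flags master zones whose effective allow-update or allow-transfer list contains any. The sample configuration, the ZONE_SCOPED set, the dict layout, and the assumption that an unset allow-transfer is open are the example's own.

```python
"""Minimal parser for the named.conf options/zone statements discussed above.

Added example (not from the book or from BIND): reads a constructed
configuration, applies the scoping rule "zone-level settings override the
global options statement", and reports master zones whose effective
allow-update or allow-transfer list is wide open.
"""
import re

# Tokens: quoted strings, the structural characters { } ; and bare words.
TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

# Options the text says may appear in both options {} and zone {};
# a zone-level value replaces the global one (assumed list for this example).
ZONE_SCOPED = {
    "forward", "forwarders", "check-names", "allow-query", "allow-transfer",
    "transfer-source", "max-transfer-time-in", "dialup", "notify", "also-notify",
}


def tokenize(text):
    """Strip comments (/* */, //, #) and split into tokens."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", " ", text)
    return TOKEN_RE.findall(text)


def parse(tokens):
    """Parse tokens into a list of (keyword, args, block) statements.

    block is None for simple statements, otherwise a nested statement list;
    an address list such as { 10.0.0.2; any; } parses as statements whose
    keyword is the address and whose args/block are empty.
    """
    pos = 0

    def block():
        nonlocal pos
        stmts = []
        while pos < len(tokens) and tokens[pos] != "}":
            stmts.append(statement())
        return stmts

    def statement():
        nonlocal pos
        words, sub = [], None
        while True:
            if pos >= len(tokens):
                raise ValueError("unterminated statement (missing ';')")
            tok = tokens[pos]
            pos += 1
            if tok == ";":
                break
            if tok == "{":
                sub = block()
                if pos >= len(tokens) or tokens[pos] != "}":
                    raise ValueError("unbalanced '{'")
                pos += 1
            else:
                words.append(tok.strip('"'))
        if not words:
            raise ValueError("empty statement")
        return words[0], words[1:], sub

    stmts = block()
    if pos != len(tokens):
        raise ValueError("stray '}'")
    return stmts


def _value(args, sub):
    # Brace lists become Python lists; scalar options become a string.
    if sub is not None:
        return [s[0] for s in sub]
    return " ".join(args)


def effective_zones(conf_text):
    """Return one dict per zone with its settings after applying scoping."""
    stmts = parse(tokenize(conf_text))
    global_opts = {}
    for name, _args, sub in stmts:
        if name == "options" and sub is not None:
            for oname, oargs, osub in sub:
                global_opts[oname] = _value(oargs, osub)
    zones = []
    for name, args, sub in stmts:
        if name != "zone":
            continue
        # Inherit only zone-scoped globals; the zone's own statements override.
        settings = {k: v for k, v in global_opts.items() if k in ZONE_SCOPED}
        zone = {"name": args[0], "class": args[1] if len(args) > 1 else "in",
                "type": None, "file": None, "settings": settings}
        for oname, oargs, osub in sub or []:
            if oname in ("type", "file"):
                zone[oname] = oargs[0]
            else:
                settings[oname] = _value(oargs, osub)
        zones.append(zone)
    return zones


def audit_master_zones(conf_text):
    """Flag master zones whose effective ACLs contain 'any'.

    Defaults assumed here: allow-update defaults to none (as the text
    states); an allow-transfer that is never set is treated as open ('any'),
    the historical BIND 8/9 behaviour (assumption; check your version).
    """
    findings = []
    for z in effective_zones(conf_text):
        if z["type"] != "master":
            continue
        for option, default in (("allow-update", ["none"]),
                                ("allow-transfer", ["any"])):
            acl = z["settings"].get(option, default)
            if "any" in acl:
                findings.append((z["name"], option, acl))
    return findings


# Constructed sample configuration (not a real deployment).
SAMPLE_CONF = """
options {
    directory "/var/named";
    allow-transfer { 10.0.0.2; };   // global: only the slave may pull zones
    notify yes;
};

zone "example.com" in {
    type master;
    file "example.com.hosts";
    allow-update { none; };          # explicit: no dynamic updates
};                                   # allow-transfer inherited from options

zone "weak.example" in {
    type master;
    file "weak.hosts";
    allow-update { any; };           # zone-level override: wide open
    allow-transfer { any; };
};

zone "example.net" in {
    type slave;
    file "example.net.bak";
    masters { 10.0.0.1; };
};

zone "." in {
    type hint;
    file "named.ca";
};
"""

if __name__ == "__main__":
    for z in effective_zones(SAMPLE_CONF):
        print(f'zone "{z["name"]}" type={z["type"]} settings={z["settings"]}')
    for zone, option, acl in audit_master_zones(SAMPLE_CONF):
        print(f"WARNING: master zone {zone}: {option} is {acl}")
```

Running it shows example.com inheriting the global allow-transfer list of 10.0.0.2 while weak.example replaces it with any, and only the latter is reported; the hint and slave zones are skipped because the ACLs in question only matter on a master.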

BIND 9 uses the same four zone command variations as BIND 8. The difference between the two versions of BIND is that BIND 8 and BIND 9 use different options. The BIND 9 syntax of the four zone statement variants is shown in Listing B.6.

Listing B.6: BIND 9 zone Statement Syntax

zone domain_name [ in|hs|hesiod|chaos ] {
    type master;
    file pathname;
    [ allow-update-forwarding { address_match_list }; ]
    [ dialup yes|no|notify|notify-passive|refresh|passive; ]
    [ sig-validity-interval number; ]
    [ max-refresh-time number; ]
    [ max-transfer-idle-out number; ]
    [ max-transfer-time-out number; ]
    [ min-refresh-time number; ]
};

zone domain_name [ in|hs|hesiod|chaos ] {
    type slave|stub;
    masters [ port ip_port ] { address-list };
    [ check-names warn|fail|ignore; ]
    [ allow-update-forwarding { address_match_list }; ]
    [ dialup yes|no|notify|notify-passive|refresh|passive; ]
    [ max-refresh-time number; ]
    [ max-transfer-idle-in number; ]
    [ max-transfer-idle-out number; ]
    [ max-transfer-time-in number; ]
    [ max-transfer-time-out number; ]
    [ min-refresh-time number; ]
    [ min-retry-time number; ]
    [ transfer-source ip_addr|* [ port ip_port|* ]; ]
    [ transfer-source-v6 ip6_addr|* [ port ip_port|* ]; ]
};

zone "." [ in|hs|hesiod|chaos ] {
    type hint;
    file pathname;
};

zone domain_name [ in|hs|hesiod|chaos ] {
    type forward;
    [ forward only|first; ]
    [ forwarders { address-list; }; ]
};

Most of the options shown in the BIND 9 syntax were explained in the discussion of the BIND 9 options statement. The two options that are unique to the BIND 9 zone statement are:

allow-update-forwarding Identifies the systems that are allowed to submit dynamic zone updates to a slave that will then be forwarded to the master.

database Specifies the type of database used for storing zone data. The default is rbt, which is the only database type supported by the standard BIND 9 executable.
