BIND Configuration File Guide - zone Statement

Syntax

zone domain_name [ ( in | hs | hesiod | chaos ) ] { 
  type master;
  file path_name;
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ dialup yes_or_no; ]
  [ notify yes_or_no; ]
  [ also-notify { ip_addr; [ ip_addr; ... ] };
  [ ixfr-base  path_name; ]
};

zone domain_name [ ( in | hs | hesiod | chaos ) ] { 
  type ( slave | stub );
  [ file path_name; ]
  [ ixfr-base  path_name; ]
  masters [ port ip_port ] { ip_addr; [ ip_addr; ... ] };
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ transfer-source ip_addr; ]
  [ dialup yes_or_no; ]
  [ max-transfer-time-in number; ]
  [ notify yes_or_no; ]
  [ also-notify { ip_addr; [ ip_addr; ... ] };
};

zone domain_name [ ( in | hs | hesiod | chaos ) ] { 
  type forward;
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
};

zone "." [ ( in | hs | hesiod | chaos ) ] { 
  type hint;
  file path_name;
  [ check-names ( warn | fail | ignore ); ]
};

Definition and Usage

Zone Types

master

The server has a master copy of the data for the zone and will be able to provide authoritative answers for it.

slave

A slave zone is a replica of a master zone. The masters list specifies one or more IP addresses that the slave contacts to update its copy of the zone. If file is specified, the replica will be written to this file whenever the zone is changed, and reloaded from this file on a server restart. Use of file is recommended, since it often speeds server startup and eliminates a needless waste of bandwidth. Note that for large numbers (in the tens or hundreds of thousands) of zones per server, it is best to use a two level naming scheme for zone file names. For example, a slave server for the zone vix.com might place the zone contents into a file called "vi/vix.com" where vi/ is just the first two letters of the zone name. (Most operating systems behave very slowly if you put 100K files into a single directory.)

stub

A stub zone is like a slave zone, except that it replicates only the NS records of a master zone instead of the entire zone.

forward

A forward zone is used to direct all queries in it to other servers. The specification of options in such a zone will override any global options declared in the options statement.

If either no forwarders statement is present in the zone or an empty list for forwarders is given, no forwarding will be done for the zone, cancelling the effects of any forwarders in the options statement. Thus if you want to use this type of zone to change the behavior of the global forward option, and not the servers used, you also need to respecify the global forwarders.

hint

The initial set of root nameservers is specified using a hint zone. When the server starts up, it uses the root hints to find a root nameserver and get the most recent list of root nameservers.

Note: previous releases of BIND used the term primary for a master zone, secondary for a slave zone, and cache for a hint zone.

Class

The zone's name may optionally be followed by a class. If a class is not specified, class in (for "internet"), is used.

Options

check-names

allow-query

allow-update

Specifies which hosts are allowed to submit Dynamic DNS updates to the server. The default is to deny updates from all hosts.

allow-transfer

transfer-source

The transfer-source option determines which local address will be bound to the TCP connection used to fetch this zone. If not set, it defaults to a system controlled value which will usually be the address of the interface ``closest to'' the remote end. This address must appear in the remote end's allow-transfer option for this zone if one is specified.

ixfr-base

The ixfr-base option specifies the file name used for IXFR transaction log file.

max-transfer-time-in

dialup

notify

also-notify

The also-notify option is only meaningful if notify is active for this zone. The set of machines that will receive a DNS NOTIFY message for this zone is made up of all the listed nameservers for the zone (other than the primary master) plus any IP addresses specified with also-notify. The also-notify option is not meaningful for stub zones. The default is the empty list.

forward

The forward option is only meaningful if the zone has a forwarders list. The only value causes the lookup to fail after trying the forwarders and getting no answer, while first would allow a normal lookup to be tried.

forwarders

The forwarders option in a zone is used to override the list of global forwarders. If it is not specified in a zone of type forward, no forwarding is done for the zone; the global options are not used.