|
HP OpenVMS Systems Documentation |
|
HP TCP/IP Services for OpenVMS
|
| Previous | Contents | Index |
Table 6-13 describes options that limit the server's resource consumption and are enforced internally by the server rather than by the operating system.
| Option | Description |
|---|---|
| max-ixfr-log-size | This option is obsolete; it is accepted and ignored. |
| recursive-clients | Specifies the maximum number of simultaneous recursive lookups the server performs on behalf of clients. The default is 1000. Because each recursing client uses about 20 kilobytes of memory, the value of the recursive-clients option might have to be decreased on hosts with limited memory. |
| tcp-clients | Specifies the maximum number of simultaneous client TCP connections that the server accepts. The default is 100. |
| max-cache-size | Specifies the maximum amount of memory (in bytes) to use for the server's cache. When the amount of data in the cache reaches this limit, the server causes records to expire prematurely so that the limit is not exceeded. In a server with multiple views, the limit applies separately to the cache of each view. The default is unlimited, which means that records are purged from the cache only when their TTL (time-to-live) values expire. |
Table 6-14 describes the options that control the intervals for periodic tasks.
| Option | Description |
|---|---|
| cleaning-interval | The server removes expired resource records from the cache every cleaning-interval minutes. The default is 60 minutes. If set to 0, periodic cleaning does not occur. |
| heartbeat-interval |
The server performs zone maintenance tasks for all dialup zones
whenever this interval expires. The default is 60 minutes.
The maximum value is one day (1440 minutes). If this option is set to 0, zone maintenance for these zones does not occur. |
| interface-interval |
The server scans the network interface list every
interface-interval
minutes. The default is 60 minutes.
If this option is set to 0, interface scanning occurs only when the configuration file is loaded. After the scan, listeners are started on any new interfaces (provided they are allowed by the listen-on configuration). Listeners on interfaces that have gone away are cleaned up. |
| statistics-interval |
Name server statistics are logged every
statistics-interval
minutes. The default is 60. If set to 0, statistics are not logged.
This option is not yet implemented. |
When the server chooses a name server to query from a list of name servers, it prefers the one that is topologically closest to itself. The topology statement takes an address match list and interprets it in a special way. Each top-level list element is assigned a distance. Nonnegated elements get a distance based on their position in the list; the closer the match is to the start of the list, the shorter the distance between it and the server. A negated match is assigned the maximum distance from the server. If there is no match, the address gets a distance that is further than any nonnegated list element and closer than any negated element. For example:
topology {
10/8;
!1.2.3/24;
{ 1.2/16; 3/8; };
};
|
The example configuration prefers servers on network 10 the most, followed by hosts on network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception of hosts on network 1.2.3 (netmask 255.255.255.0), which is the least preferred. The default topology is:
topology { localhost; localnets; };
|
The topology statement is not implemented in BIND Version 9. |
The response to a DNS query can consist of multiple resource records (RRs) forming a resource record set (RRset). The name server normally returns the RRs within the RRset in an indeterminate order. (See Section 6.5.3.6.11.)
The client resolver code should rearrange the RRs as appropriate, that is, by using any addresses on the local network in preference to other addresses. However, not all resolvers can do this or are correctly configured. When a client is using a local server the sorting can be performed in the server, based on the client's address. This requires configuring only the name servers, not all the clients.
The sortlist statement takes an address match list and interprets it even more specifically than the topology statement does (see Section 6.5.3.6.9). Each top-level statement in the sortlist must itself be an explicit address match list with one or two elements. The first element (which can be an IP address, an IP prefix, an ACL name, or a nested address match list) of each top-level list is checked against the source address of the query until a match is found.
Once the source address of the query is matched, if the top-level statement contains only one element, the actual primitive element that matched the source address is used to select the address in the response to move to the beginning of the response. If the statement is a list of two elements, then the second element is treated the same as the address match list in a topology statement. Each top-level element is assigned a distance and the address in the response with the minimum distance is moved to the beginning of the response.
Example 1
In the following example, any queries received from any of the addresses of the host itself gets responses that prefer addresses on any of the locally connected networks. The next-most-preferred are addresses on the 192.168.1/24 network, and after that either the 192.168.2/24 or 192.168.3/24 network with no preference shown between these two networks. Queries received from a host on the 192.168.1/24 network prefers other addresses on that network to the 192.168.2/24 and 192.168.3/24 networks. Queries received from a host on the 192.168.4/24 or the 192.168.5/24 network prefer only other addresses on their directly connected networks.
sortlist {
{ localhost; // IF the local host
{ localnets; // THEN first fit on the
192.168.1/24; // following nets
{ 192.168.2/24; 192.168.3/24; }; }; };
{ 192.168.1/24; // IF on class C 192.168.1
{ 192.168.1/24; // THEN use .1, or .2 or .3
{ 192.168.2/24; 192.168.3/24; }; }; };
{ 192.168.2/24; // IF on class C 192.168.2
{ 192.168.2/24; // THEN use .2, or .1 or .3
{ 192.168.1/24; 192.168.3/24; }; }; };
{ 192.168.3/24; // IF on class C 192.168.3
{ 192.168.3/24; // THEN use .3, or .1 or .2
{ 192.168.1/24; 192.168.2/24; }; }; };
{ { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
};
};
|
Example 2
The following example illustrates reasonable behavior for the local host and for hosts on directly connected networks. This behavior is similar to that of the address sort in BIND Version 4. Responses sent to queries from the local host favor any of the directly connected networks. Responses sent to queries from any other hosts on a directly connected network prefer addresses on that same network. Responses to other queries are not sorted.
sortlist {
{ localhost; localnets; };
{ localnets; };
};
|
When multiple records are returned in an answer, it might be useful to configure the order of the records placed into the response. The rrset-order statement permits configuration of the ordering of the records in a multiple-record response.
An order_spec is defined as follows:
[ class class_name ][ type type_name ][ name "domain_name"] order ordering |
If no class is specified, the default is ANY. If no type is specified, the default is ANY. If no name is specified, the default is wildcard.
The legal values for ordering are:
For example:
rrset-order {
class IN type A name "host.example.com" order random;
order cyclic;
};
|
This example causes any responses for type A records in class IN that have host.example.com as a suffix to always be returned in random order. All other records are returned in cyclic order.
If multiple rrset-order statements appear, they are not combined; the last one applies.
The rrset-order statement is not yet implemented. BIND currently supports only "random-cyclic" ordering, in which the server randomly chooses a starting point within the RRset and returns the records in order starting at that point, wrapping around the end of the RRset if necessary. |
Many existing stub resolvers support IPv6 DNS lookups as defined in RFC 1886, using AAAA records for forward lookups and nibble labels in the ip6.int domain for reverse lookups. They do not support RFC 2874 lookups (using A6 records and binary labels in the ip6.arpa domain).
To continue to use such stub resolvers, BIND Version 9 provides a way to automatically convert RFC 1886 lookups into RFC 2874 lookups and to return the results as "synthetic" AAAA and PTR records.
This feature is disabled by default and can be enabled on a per-client basis by adding the following clause to the to the options or view statement:
allow-v6-synthesis { address_match_list };
|
When this feature is enabled, recursive AAAA queries cause the server first to try an A6 lookup and then, if that fails, an AAAA lookup. Regardless of which one succeeds, the results are returned as a set of synthetic AAAA records. Similarly, recursive PTR queries in ip6.int cause a lookup in ip6.arpa using binary labels and, if that fails, another lookup in ip6.int . The results are returned as a synthetic PTR record in ip6.int .
The synthetic records have a TTL value of 0. DNSSEC validation of synthetic responses is not supported; therefore, responses containing synthetic RRs do not have the AD flag set.
The
allow-v6-synthesis
option is performed only for clients that are supplied recursive
services.
6.5.3.6.13 Tuning Options
Table 6-15 describes the options provided for tuning the BIND server.
| Options | Description |
|---|---|
| lame-ttl | Sets the number of seconds to cache a lame server indication. A value of zero disables caching. (This is not recommended.) The default is 600 (10 minutes); the maximum value is 1800 (30 minutes). |
| max-ncache-ttl | To reduce network traffic and increase performance, the server stores negative answers. The max-ncache-ttl option is used to set a maximum retention time for these answers in the server in seconds. The default is 10800 seconds (3 hours). The value of max-ncache-ttl cannot exceed 7 days and is silently truncated to 7 days if set to a greater value. |
| max-cache-ttl | Sets the maximum time for which the server caches ordinary (positive) answers. The default is one week (7 days). |
| min-roots |
The minimum number of root servers that is required for a request for
the root servers to be accepted. The default is 2.
This option is not yet implemented. |
| sig-validity-interval | Specifies the number of days into the future when DNSSEC signatures automatically generated as a result of dynamic updates will expire. (See Section 6.5.7 for more information.) The default is 30 days. The signature inception time is unconditionally set to one hour before the current time to allow for a limited amount of clock skew. |
|
min-refresh-time
max-refresh-time min-retry-time max-retry-time |
Controls the server's behavior when refreshing a zone (querying for SOA
changes) or when retrying failed transfers. Usually the SOA values for
the zone are used, but these values are set by the master, giving slave
server administrators little control over their contents.
These options allow the administrator to set a minimum and maximum refresh and retry time either per-zone, per-view, or globally. These options are valid for slave and stub zones, and clamp the SOA refresh and retry times to the specified values. |
The statistics file generated by BIND 9 is similar, but not identical, to that generated by BIND 8.
The statistics dump begins with the following line:
+++ Statistics Dump +++ (973798949) |
The number in parentheses is a standard UNIX time stamp, measured as seconds since January 1, 1970. Following that line are a series of lines containing a counter type, the value of the counter, a zone name (optional), and a view name (optional). The lines without view and zone listed are global statistics for the entire server. Lines with a zone and view name apply to the given view and zone (the view name is omitted for the default view). The statistics dump ends with the following line:
--- Statistics Dump --- (973798949) |
The time stamp is identical to the one in the beginning line.
Table 6-16 describes the statistics counters that are maintained.
| Counter | Description |
|---|---|
| success | The number of successful queries made to the server or zone. A successful query is defined as query that returns a NOERROR response other than a referral response. |
| referral | The number of queries that resulted in referral responses. |
| nxrrset | The number of queries that resulted in NOERROR responses with no data. |
| nxdomain | The number of queries that resulted in NXDOMAIN responses. |
| recursion | The number of queries that caused the server to perform recursion in order to find the final answer. |
| failure | The number of queries that resulted in a failure response other than those described in the preceding counters. |
The server statement defines characteristics to be associated with a remote name server. The server statement has the following syntax:
server ip_addr {
[ bogus yes_or_no ; ]
[ provide-ixfr yes_or_no ; ]
[ request-ixfr yes_or_no ; ]
[ edns yes_or_no ; ]
[ transfers number ; ]
[ transfer-format ( one-answer | many-answers ) ; ]]
[ keys { string ; [ string ; [...]] } ; ]
};
|
The server statement can occur at the top level of the configuration file or inside a view statement. If a view statement contains one or more server statements, only those apply to the view, and any top-level ones are ignored. If a view contains no server statements, any top-level server statements are used as defaults.
Table 6-17 describes the clauses in the server statement.
| Clause | Description |
|---|---|
| bogus | If you discover that a remote server is giving out bad data, marking it as bogus prevents further queries to it. The default value of bogus is NO. |
| provide-ixfr | Determines whether the local server, acting as master, responds with an incremental zone transfer when the given remote server, a slave, requests it. If this option is set to YES, incremental transfer is provided whenever possible. If set to NO, all transfers to the remote server are nonincremental. If not set, the value of the provide-ixfr option in the global options statement is used as a default. |
| request-ixfr |
Determines whether the local server, acting as a slave, requests
incremental zone transfers from the given remote server, a master. If
this option is not set, the value of the
request-ixfr
option in the global
options
statement is used as a default.
IXFR requests to servers that do not support IXFR automatically falls back to AXFR. Therefore, you do not need to list manually which servers support IXFR and which ones do not; the global default of YES should always work. The purpose of the provide-ixfr and request-ixfr clauses is to make it possible to disable the use of IXFR, even when both master and slave claim to support it; for example, if one of the servers crashes or corrupts data when IXFR is used. See Section 6.5.6 for more information. |
| edns | Determines whether the local server attempts to use EDNS when communicating with the remote server. The default is YES. |
| transfer-format |
Specifies the zone transfer method:
The many-answers mode is more efficient, but it is understood only by BIND Version 9, BIND Version 8, and later versions of BIND Version 4. If transfer-format is not specified, the transfer format specified by the options statement is used. |
| transfers | Limits the number of concurrent inbound zone transfers from the specified server. If no transfers clause is specified, the limit is set according to the transfers-per-ns option, as described in Table 6-12. |
| keys |
Specifies a
key_id
defined by the
key
statement, to be used for transaction security when talking to the
remote server. The
key
statement must come before the
server
statement that references it. When a request is sent to the remote
server, a request signature is generated using the key specified here
and appended to the message. A request originating from the remote
server is not required to be signed by this key.
Use only one key for each server. |
| Previous | Next | Contents | Index |