bind9配置文件及zone文件各字段總結

1bind配置文件@named.conf

acl         定義一個具名的 IP 地址匹配列表,用於訪問控制和其他用途。

controls     宣告 rndc 工具使用的控制通道(channel)

include     包含一個文件

key        設置密鑰信息,用於通過 TSIG 進行授權和認證的配置中

logging     設置服務器記錄哪些日誌,以及日誌信息的發送目的地

options     控制服務器的全局配置選項,併爲其它語句設置默認值

server       針對單個服務器設置特定的配置選項

trusted-keys 定義信任的 DNSSEC 密鑰

view       定義一個視圖

zone       定義一個域

2view的語法

view view_name
[class] {
match-clients { address_match_list };
match-destinations { address_match_list };
match-recursive-only yes_or_no ;
[ view_option; ...]
[ zone_statement; ...]
};

3zone文件的語法

zone zone_name [class] {
type master;
[ allow-query { address_match_list }; ]
[ allow-query-on { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ update-check-ksk yes_or_no; ]
[ dnssec-dnskey-kskonly yes_or_no; ]
[ dnssec-loadkeys-interval number; ]
[ update-policy local | { update_policy_rule [...] }; ]
[ also-notify { ip_addr [port ip_port] [dscp ip_dscp] ;
[ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
[ check-names (warn|fail|ignore) ; ]
[ check-mx (warn|fail|ignore) ; ]
[ check-wildcard yes_or_no; ]
[ check-spf ( warn | ignore ); ]
[ check-integrity yes_or_no ; ]
[ dialup dialup_option ; ]
[ file string ; ]
[ masterfile-format (text|raw|map) ; ]
[ journal string ; ]
[ max-journal-size size_spec; ]
[ forward (only|first) ; ]
[ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
[ ixfr-base string ; ]
[ ixfr-from-differences yes_or_no; ]
[ ixfr-tmp-file string ; ]
[ request-ixfr yes_or_no ; ]
[ maintain-ixfr-base yes_or_no ; ]
[ max-ixfr-log-size number ; ]
[ max-transfer-idle-out number ; ]
[ max-transfer-time-out number ; ]
[ notify yes_or_no | explicit | master-only ; ]
[ notify-delay seconds ; ]
[ notify-to-soa yes_or_no; ]
[ pubkey number number number string ; ]
[ notify-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ notify-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ zone-statistics full | terse | none; ]
[ sig-validity-interval number [number] ; ]
[ sig-signing-nodes number ; ]
[ sig-signing-signatures number ; ]
[ sig-signing-type number ; ]
[ database string ; ]
[ min-refresh-time number ; ]
[ max-refresh-time number ; ]
[ min-retry-time number ; ]
[ max-retry-time number ; ]
[ key-directory path_name; ]
[ auto-dnssec allow|maintain|off; ]
[ inline-signing yes_or_no; ]
[ zero-no-soa-ttl yes_or_no ; ]
[ serial-update-method increment|unixtime; ]
[ max-zone-ttl number ; ]
};

 

zone zone_name [class] {
type slave;
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-query-on { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ dnssec-update-mode ( maintain | no-resign ); ]
[ update-check-ksk yes_or_no; ]
[ dnssec-dnskey-kskonly yes_or_no; ]
[ dnssec-loadkeys-interval number; ]
[ dnssec-secure-to-insecure yes_or_no ; ]
[ try-tcp-refresh yes_or_no; ]
[ also-notify [port ip_port] [dscp ip_dscp] { ( masters_list | ip_addr
[port ip_port]
[dscp ip_dscp]
[key key] ) ; [...] }; ]
[ check-names (warn|fail|ignore) ; ]
[ dialup dialup_option ; ]
[ file string ; ]
[ masterfile-format (text|raw|map) ; ]
[ journal string ; ]
[ max-journal-size size_spec; ]
[ forward (only|first) ; ]
[ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
[ ixfr-base string ; ]
[ ixfr-from-differences yes_or_no; ]
[ ixfr-tmp-file string ; ]
[ maintain-ixfr-base yes_or_no ; ]
[ masters [port ip_port] [dscp ip_dscp] { ( masters_list | ip_addr
[port ip_port]
[dscp ip_dscp]
[key key] ) ; [...] }; ]
[ max-ixfr-log-size number ; ]
[ max-transfer-idle-in number ; ]
[ max-transfer-idle-out number ; ]
[ max-transfer-time-in number ; ]
[ max-transfer-time-out number ; ]
[ notify yes_or_no | explicit | master-only ; ]
[ notify-delay seconds ; ]
[ notify-to-soa yes_or_no; ]
[ pubkey number number number string ; ]
[ transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ transfer-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ alt-transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ alt-transfer-source-v6 (ip6_addr | *)
[port ip_port]
[dscp ip_dscp] ; ]
[ use-alt-transfer-source yes_or_no; ]
[ notify-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ notify-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ zone-statistics full | terse | none; ]
[ sig-validity-interval number [number] ; ]
[ sig-signing-nodes number ; ]
[ sig-signing-signatures number ; ]
[ sig-signing-type number ; ]
[ database string ; ]
[ min-refresh-time number ; ]
[ max-refresh-time number ; ]

[ min-retry-time number ; ]
[ max-retry-time number ; ]
[ key-directory path_name; ]
[ auto-dnssec allow|maintain|off; ]
[ inline-signing yes_or_no; ]
[ multi-master yes_or_no ; ]
[ zero-no-soa-ttl yes_or_no ; ]
};


zone zone_name [class] {
type hint;
file string ;
[ delegation-only yes_or_no ; ]
[ check-names (warn|fail|ignore) ; ] // Not Implemented.
};


zone zone_name [class] {
type stub;
[ allow-query { address_match_list }; ]
[ allow-query-on { address_match_list }; ]
[ check-names (warn|fail|ignore) ; ]
[ dialup dialup_option ; ]
[ delegation-only yes_or_no ; ]
[ file string ; ]
[ masterfile-format (text|raw|map) ; ]
[ forward (only|first) ; ]
[ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
[ masters [port ip_port] [dscp ip_dscp] { ( masters_list | ip_addr
[port ip_port]
[dscp ip_dscp]
[key key] ) ; [...] }; ]
[ max-transfer-idle-in number ; ]
[ max-transfer-time-in number ; ]
[ pubkey number number number string ; ]
[ transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ transfer-source-v6 (ip6_addr | *)
[port ip_port] [dscp ip_dscp] ; ]
[ alt-transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ alt-transfer-source-v6 (ip6_addr | *)
[port ip_port] [dscp ip_dscp] ; ]
[ use-alt-transfer-source yes_or_no; ]
[ zone-statistics yes_or_no ; ]
[ database string ; ]
[ min-refresh-time number ; ]
[ max-refresh-time number ; ]
[ min-retry-time number ; ]
[ max-retry-time number ; ]
[ multi-master yes_or_no ; ]
};


zone zone_name [class] {
type static-stub;
[ allow-query { address_match_list }; ]
[ server-addresses { [ ip_addr ; ... ] }; ]
[ server-names { [ namelist ] }; ]
[ zone-statistics yes_or_no ; ]
};


zone zone_name [class] {

type forward;
[ forward (only|first) ; ]
[ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
[ delegation-only yes_or_no ; ]
};


zone "." [class] {
type redirect;
file string ;
[ masterfile-format (text|raw|map) ; ]
[ allow-query { address_match_list }; ]
[ max-zone-ttl number ; ]
};


zone zone_name [class] {
type delegation-only;
};


zone zone_name [class] {
[ in-view string ; ]
};

 

4、資源記錄( RR)組成:

Owner name    所有者名稱,即該記錄所在的域名

Type          一個 16 位編碼值,用來指定這條資源記錄中資源的類型;類型指向抽象的資源

TTL         定義 RR 記錄的生存時間.這個字段是一個以秒計算 32 位整數,主要設置該記錄在緩存裏的保留時間.

Class        一個 16 位編碼值,標識一個協議族或某個協議的實例

RDATA      資源數據,其格式取決於類型(有時也取決於類).

 

5options的語法

options {
[ version version_string; ]
[ directory path_name; ]
[ named-xfer path_name; ]
[ tkey-domain domainname; ]
[ tkey-dhkey key_name key_tag; ]
[ dump-file path_name; ]
[ memstatistics-file path_name; ]
[ pid-file path_name; ]
[ statistics-file path_name; ]
[ zone-statistics yes_or_no; ]
[ auth-nxdomain yes_or_no; ]
[ deallocate-on-exit yes_or_no; ]
[ dialup dialup_option; ]
[ fake-iquery yes_or_no; ]
[ fetch-glue yes_or_no; ]
[ has-old-clients yes_or_no; ]
[ host-statistics yes_or_no; ]
[ minimal-responses yes_or_no; ]
[ multiple-cnames yes_or_no; ]
[ notify yes_or_no | explicit; ]
[ recursion yes_or_no; ]
[ rfc2308-type1 yes_or_no; ]

[ use-id-pool yes_or_no; ]
[ maintain-ixfr-base yes_or_no; ]
[ forward ( only | first ); ]
[ forwarders { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
[ check-names ( master | slave | response )( warn | fail | ignore ); ]
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-v6-synthesis { address_match_list }; ]
[ blackhole { address_match_list }; ]
[ listen-on [ port ip_port ] { address_match_list }; ]
[ listen-on-v6 [ port ip_port ] { address_match_list }; ]
[ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ]; ]
[ max-transfer-time-in number; ]
[ max-transfer-time-out number; ]
[ max-transfer-idle-in number; ]
[ max-transfer-idle-out number; ]
[ tcp-clients number; ]
[ recursive-clients number; ]
[ serial-query-rate number; ]
[ serial-queries number; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfers-in number; ]
[ transfers-out number; ]
[ transfers-per-ns number; ]
[ transfer-source (ip4_addr | *) [port ip_port] ; ]
[ transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ notify-source (ip4_addr | *) [port ip_port] ; ]
[ notify-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ also-notify { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
[ max-ixfr-log-size number; ]
[ coresize size_spec ; ]
[ datasize size_spec ; ]
[ files size_spec ; ]
[ stacksize size_spec ; ]
[ cleaning-interval number; ]
[ heartbeat-interval number; ]
[ interface-interval number; ]
[ statistics-interval number; ]
[ topology { address_match_list }; ]
[ sortlist { address_match_list }; ]
[ rrset-order { order_spec ; [ order_spec ; ... ] }; ]
[ lame-ttl number; ]

[ max-ncache-ttl number; ]
[ max-cache-ttl number; ]
[ sig-validity-interval number ; ]
[ min-roots number; ]
[ use-ixfr yes_or_no ; ]
[ provide-ixfr yes_or_no; ]
[ request-ixfr yes_or_no; ]
[ treat-cr-as-space yes_or_no ; ]
[ min-refresh-time number ; ]
[ max-refresh-time number ; ]
[ min-retry-time number ; ]
[ max-retry-time number ; ]
[ port ip_port; ]
[ additional-from-auth yes_or_no ; ]
[ additional-from-cache yes_or_no ; ]
[ random-device path_name ; ]
[ max-cache-size size_spec ; ]
[ match-mapped-addresses yes_or_no; ]
};

 

6key語法

key key_id {
algorithm algorithm_id;
secret secret_string;
};

 

7logging Statement Grammar

logging {
[ channel channel_name {
( file path_name
[ versions ( number | unlimited ) ]
[ size size_spec ]
| syslog syslog_facility
| stderr
| null );
[ severity (critical | error | warning | notice |
info | debug [ level ] | dynamic ); ]
[ print-category yes or no; ]
[ print-severity yes or no; ]
[ print-time yes or no; ]
}; ]
[ category category_name {
channel_name ; [ channel_name ; ... ]
}; ]
...
};

 

8server Statement Grammar
server ip_addr[/prefixlen] {
[ bogus yes_or_no ; ]
[ provide-ixfr yes_or_no ; ]
[ request-ixfr yes_or_no ; ]
[ request-nsid yes_or_no ; ]
[ request-sit yes_or_no ; ]
[ edns yes_or_no ; ]
[ edns-udp-size number ; ]
[ nosit-udp-size number ; ]
[ max-udp-size number ; ]
[ transfers number ; ]
[ transfer-format ( one-answer | many-answers ) ; ]
[ keys { key_id }; ]
[ transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ transfer-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
[ query-source [ address ( ip_addr | * ) ]
[ port ( ip_port | * ) ] [dscp ip_dscp] ; ]
[ use-queryport-pool yes_or_no; ]
[ queryport-pool-ports number; ]
[ queryport-pool-updateinterval number; ]
};

 

9controls Statement Grammar
controls {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { address_match_list }
keys { key_list }; ]
[ inet ...; ]
[ unix path perm number owner number group number
keys { key_list }; ]
[ unix ...; ]
};

 

10lwres:定義named爲一個輕量級的解析進程

lwres {

    [ listen-on { ip_addr[port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]

    [ view view_name; ]

    [ search { domain_name ; [domain_name ; ... ] }; ]

    [ ndots number; ]

};


11acl:定義IP地址表的名字,用於訪問控制等

acl acl-name {

    address_match_list;

};