X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=blobdiff_plain;f=scripts%2Fnamed-conf.8;h=0faae0ae7c0789b47b2f7b92db6013cf3c648db3;hp=b1547fe93e2c440e5f7e011271243227009b3ef2;hb=e8515be07c35dc99904b40c429e3391d10f0155a;hpb=a1b7a7b6db57195a58daa86265d85d26befc832a diff --git a/scripts/named-conf.8 b/scripts/named-conf.8 index b1547fe..0faae0a 100644 --- a/scripts/named-conf.8 +++ b/scripts/named-conf.8 @@ -152,7 +152,9 @@ several physical lines. .SS GENERAL DIRECTIVES These directives specify general configuration details. They should appear before directives specifying zones, as each will affect only -later zone directives. +later zone directives. Foreign zones (zones explicitly specified on +the command line but not mentioned in the configuration) use the +configuration settings prevailing at the end of the config file. .TP \fBadmin\fP \fIemail\-address\fP Specifies the email address of the local administrator. This is used @@ -174,9 +176,15 @@ option is specified. Specifies the list of addresses that are forbidden as any nameserver for any zone. The default is no such addresses. .TP +\fBforbid\-addr\fP [\fIip-address ...\fP] +Specifies the list of addresses that are forbidden as a nameserver +for a zone for which we are the primary - ie, the list of our old or +to-be-obsoleted slaves. The default is no such addresses. +.TP \fBserverless\-glueless\fP \fIdomain ...\fP Specifies a list of domains under which we do not expect to find any -nameservers; for these zones it is OK to find glueless referrals. +nameservers without glue; for these zones it is OK to find glueless +referrals. Each domain listed names a complete subtree of the DNS, starting at the named point. The default is .BR "in\-addr.arpa ip6.arpa ip6.int" . @@ -185,8 +193,30 @@ To avoid indefinitely long or even circularly glueless referrals (which delay or prevent lookups) it is necessary for all sites to effectively implement similar conventions; currently the author believes that only the reverse lookup namespaces are conventionally -devoid of nameservers, and therefore fine to provide glueless -referrals for. See GLUELESSNESS below. +devoid of (glueless) nameservers, and therefore fine to provide +glueless referrals for. See GLUELESSNESS below. +.TP +\fBallow-\-indirect\-glue\fP \fInameserver-superdomain ...\fP +Specifies a list of domains under which we expect to find glueless +nameservers, with up to one layer of indirection. +For nameservers under these domains it is OK to to find glueless +referrals, but only when listed as a nameserver for a zone which is +not itself a subdomain of an \fBallow-indirect-glue\fR +\fInameserver-superdomain\fR. + +This supports to common configuration style where DNS operator(s) set +up all of their nameservers with names within a small subsection of +the DNS (the portions under \fInameserver-superdomain\fRs), and +provide glueless referrals naming these nameservers for all other +zones. This provides at most one level of missing glue. + +Note that if the DNS administrators collectively able to influence the +service for some zone (including the admins for its superzones, the +zones containing its nameservers, and their superzones and so forth) +are not in sufficiently close communication do not all agree on the +proper set of \fInameserver-superdomain\fR then they might still set +up circular glue and \fBchiark-named-conf\fR would not necessarily be +able to detect this even if it was run on every relevant nameserver. .TP \fBmail\-state\-dir\fP \fIdirectory\fP Uses @@ -562,5 +592,5 @@ FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along -with this program; if not, write to the Free Software Foundation, Inc., -59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +with this program; if not, consult the Free Software Foundation's +website at www.fsf.org, or the GNU Project website at www.gnu.org.