There are some named.conf options left that should be presented. fake-iqueryIQUERY is an obsolete DNS query type. It was meant to perform reverse lookups, much the way the in-addr.arpa domain is used for reverse lookups now. In some quite old RFCs, IQUERY clients were talked about to the effect of "the result is never used for anything useful." Newer documentations claim that old versions of nslookup are the only remaining applications using IQUERY. By default, BIND does not support IQUERYs. However, IQUERY can be enabled with the fake-iquery option, in which case the response for an IQUERY for 192.168.0.2 is the hostname [129.168.0.2] (with the brackets). This is clearly fake. treat-cr-as-spaceIf you generate your zone files on a DOS/Windows/NT and then transfer them to UNIX in binary format, the files will have CR-NL newlines instead of NL, as expected on UNIX machines. This option, should you choose to enable it, makes named treat the superfluous CR as space, rendering it harmless. min-rootsThis is the minimum number of root servers the server must know about before answering any query about the root servers. The default is 2. In that case, if the server knows only one root server, it won't answer any queries about it. The theory is that if the server knows fewer than this number of root servers, it knows nothing about the root servers worth passing on to other servers. If you're on the Internet, do not lower this number. If you're on a closed network, you should have at least two internal root servers, and you won't have to adjust it in any case. has-old-clientsThis is an alias for auth-nxdomain yes; maintain-ixfr-base yes; rfc2308-type1 no; If you combine any of those options with has-old-clients, the result is order-dependent. These are all the default values in BIND 8.2.2P5. auth-nxdomainThe documentations simply state to not change this from the default, which is yes. I'm afraid I don't know the reasons behind this. rfc2308-type1RFC2308 specifies to send the NS record along with the SOA record for negative answers. Old forwarding servers will not understand this; therefore, the default is no. If you know you don't have any old servers forwarding queries to you (due to forwarder options), you can enable this. |