The Zone Statement


Syntax

zone domain_name [ ( in | hs | hesiod | chaos ) ] {
  type master;
  file path_name;
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ dialup yes_or_no; ]
  [ notify yes_or_no; ]
  [ also-notify { ip_addr; [ ip_addr; ... ] }; ]
  [ pubkey number number number string; ]
};

zone domain_name [ ( in | hs | hesiod | chaos ) ] {
  type ( slave | stub );
  [ file path_name; ]
  masters [ port ip_port ] { ip_addr; [ ip_addr; ... ] };
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { address_match_list }; ]
  [ allow-query { address_match_list }; ]
  [ allow-transfer { address_match_list }; ]
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ transfer-source ip_addr; ]
  [ max-transfer-time-in number; ]
  [ notify yes_or_no; ]
  [ also-notify { ip_addr; [ ip_addr; ... ] }; ]
  [ pubkey number number number string; ]
};

zone domain_name [ ( in | hs | hesiod | chaos ) ] {
  type forward;
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
};

zone "." [ ( in | hs | hesiod | chaos ) ] {
  type hint;
  file path_name;
  [ check-names ( warn | fail | ignore ); ]
};

Definition and Usage

The zone statement is used to define how information about particular DNS zones is managed by the server. There are five different zone types.

Master
  The server has a master copy of the data for the zone and will be able to provide authoritative answers for it.
Slave
  A slave zone is a replica of a master zone. The masters list specifies one or more IP addresses that the slave contacts to update its copy of the zone. If a port is specified, then both the checks to see whether the zone is current and the zone transfers will be made to the port given. If file is specified, then the replica will be written to the named file. Use of the file clause is highly recommended, since it often speeds server startup and eliminates a needless waste of bandwidth.
Stub
  A stub zone is like a slave zone, except that it replicates only the NS records of a master zone instead of the entire zone.
Forward
  A forward zone is used to direct all queries in it to other servers, as described in The Options Statement section. The specification of options in such a zone will override any global options declared in the options statement.
  If either no forwarders clause is present in the zone or an empty list for forwarders is given, then no forwarding will be done for the zone, canceling the effects of any forwarders in the options statement. Thus if you want to use this type of zone to change only the behavior of the global forward option, and not the servers used, then you also need to respecify the global forwarders.
Hint
  The initial set of root nameservers is specified using a hint zone.
  When the server starts up, it uses the root hints to find a root nameserver and get the most recent list of root nameservers.
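
The forwarding rules for forward zones, shown as an added configuration example that is not taken from the book. The zone names are placeholders and the addresses are constructed from the documentation ranges.

```conf
// Global forwarding policy (constructed addresses).
options {
    forward first;
    forwarders { 192.0.2.53; 192.0.2.54; };
};

// Case 1: empty forwarders list. No forwarding is done for this zone,
// which cancels the global forwarders for every name under it.
zone "internal.example" {
    type forward;
    forwarders { };
};

// Case 2: change only the behavior (first -> only) and keep the global
// servers. The global forwarders must be repeated here; leaving them
// out would turn this zone into case 1 and "forward only" would have
// nothing to act on.
zone "partner.example" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; 192.0.2.54; };
};

// Case 3: send one subtree to a different server. The zone's list
// replaces the global list; it is not merged with it.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 198.51.100.10; };
};
```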

Note

Previous releases of BIND used the term primary for a master zone, secondary for a slave zone, and cache for a hint zone.


Classes

The zone's name may optionally be followed by a class. If a class is not specified, class in (for "internet") is assumed. This is correct for the vast majority of cases.

The hesiod class is for an information service from MIT's Project Athena. It is used to share information about various systems databases, such as users, groups, printers and so on. More information can be found at ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS. The keyword hs is a synonym for hesiod.

Another MIT development was CHAOSnet, a LAN protocol created in the mid-1970s. It is still sometimes seen on LISP stations and other hardware in the AI community, and zone data for it can be specified with the chaos class.

Options

check-names
  See the subsection on Name Checking in The Options Statement.
allow-query
  See the description of allow-query in the Access Control subsection of The Options Statement.
allow-update
  Specifies which hosts are allowed to submit Dynamic DNS updates to the server. The default is to deny updates from all hosts.
allow-transfer
  See the description of allow-transfer in the Access Control subsection of The Options Statement.
transfer-source
  Determines which local address will be bound to the TCP connection used to fetch this zone. If not set, it defaults to a system-controlled value, which will usually be the address of the interface "closest to" the remote end. This address must appear in the remote end's allow-transfer option for this zone if one is specified.
max-transfer-time-in
  See the description of max-transfer-time-in in the Zone Transfers subsection of The Options Statement.
dialup
  See the description of dialup in the Boolean Options subsection of The Options Statement.
notify
  See the description of notify in the Boolean Options subsection of The Options Statement.
also-notify
  Only meaningful if notify is active for this zone. The set of machines that will receive a DNS NOTIFY message for this zone is made up of all the listed nameservers for the zone (other than the primary master) plus any IP addresses specified with also-notify. also-notify is not meaningful for stub zones. The default is the empty list.
forward
  Only meaningful if the zone has a forwarders list. The value only causes the lookup to fail after trying the forwarders and getting no answer, while first allows a normal lookup to be tried.
forwarders
  Used in a zone to override the list of global forwarders. If it is not specified in a zone of type forward, no forwarding is done for the zone; the global options are not used.
pubkey
  The DNSSEC flags, protocol, and algorithm are specified, as well as a base-64 encoded string representing the key.
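
How transfer-source, allow-transfer, also-notify and the allow-update default fit together across a master and a slave, as an added example that is not taken from the book. The zone name, file names and addresses are constructed; none is the built-in address match list that matches no host.

```conf
// --- named.conf on the master, 192.0.2.1 (constructed addresses) ---
zone "example.com" in {
    type master;
    file "db.example.com";
    // Only the two replicas may pull the zone. Each entry has to be the
    // address the replica connects from, that is, its transfer-source.
    allow-transfer { 192.0.2.2; 192.0.2.3; };
    notify yes;
    // 192.0.2.3 is not in the zone's NS records, so it gets a NOTIFY
    // only because it is listed here.
    also-notify { 192.0.2.3; };
    // allow-update is omitted: dynamic updates are denied from all hosts.
};

// --- named.conf on the slave, a host with two addresses:
//     192.0.2.2 and 203.0.113.2 ---
zone "example.com" in {
    type slave;
    file "bak.example.com";      // keep a local copy for faster startup
    masters { 192.0.2.1; };
    // Pin the source address. Left to the system, the connection could
    // leave from 203.0.113.2, which the master's allow-transfer rejects.
    transfer-source 192.0.2.2;
    allow-transfer { none; };    // this replica serves no transfers
    notify no;
};
```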



The Concise Guide to DNS and BIND
ISBN: 0789722739
EAN: 2147483647
Year: 1999
Pages: 183
