• secret "" — The encrypted key.Refer to Section 4.2, “Configuring /etc/rndc.conf” for instructions on how to write a keystatement.• logging — Allows for the use of multiple types of logs, called channels. By using thechannel option within the logging statement, a customized type of log, with its own file name(file), size limit (size), versioning (version), and level of importance (severity), can beconstructed. Once a customized channel has been defined, a category option is used tocategorize the channel and begin logging when named is restarted.By default, named logs standard messages to the syslog daemon, which places them in/var/log/messages. This occurs because several standard channels are built into BIND withvarious severity levels, such as one that handles informational logging messages(default_syslog) and another that specifically handles debugging messages(default_debug). A default category, called default, uses the built-in channels to do normallogging without any special configuration.Customizing the logging process can be a very detailed process and is beyond the scope ofthis chapter. For information on creating custom BIND logs, refer to the BIND 9 AdministratorReference Manual referenced in Section 7.1, “Installed Documentation”.• server — Specifies options that affect how named should respond to remote nameservers,especially in regards to notifications and zone transfers.The transfer-format option controls whether one resource record is sent with eachmessage (one-answer) or multiple resource records are sent with each message(many-answers). While many-answers is more efficient, only newer BIND nameserversunderstand it.• trusted-keys — Contains assorted public keys used for secure DNS (DNSSEC). Refer toSection 5.3, “Security” for more information concerning BIND security.• view "" — Creates special views depending upon which network the hostquerying the nameserver is on. This allows some hosts to receive one answer regarding azone while other hosts receive totally different information. Alternatively, certain zones mayonly be made available to particular trusted hosts while non-trusted hosts can only makequeries for other zones.Multiple views may be used, but their names must be unique. The match-clients optionspecifies the IP addresses that apply to a particular view. Any options statements may alsobe used within a view, overriding the global options already configured for named. Most viewstatements contain multiple zone statements that apply to the match-clients list. The orderin which view statements are listed is important, as the first view statement that matches aparticular client's IP address is used.Refer to Section 5.2, “Multiple Views” for more information about the view statement.Comment Tags221
