mail us  |  mail this page

contact us
training  | 
tech stuff  | 

BIND 9 Support

DNS BIND9 masters Clause

This section describes the masters clause available in BIND 9.x which allows the user to define a list of zone masters from which notifies will be received and from which zone transfers may be requested. The masters clause may be referenced from a masters statement that may appear in a zone of type slave or an also-notify statement that may appear in a zone clause of type master.

Note: This can be a confusing clause. When used in a masters statement the list refers to IP addresses to which a transfer request may be made and from which a NOTIFY statement may be accepted. When used with an also-notify statement it refers to a list of IP addresses to which NOTIFY messages will be sent. There is a significant difference between these two uses.

Full list of statements.

masters clause syntax

masters masters-name [port gp-num] [dscp gd-num] { ( masters-list |IP-Address 
            [port p-num] [key key] ) ; [...] }; 
};

Note: Items in bold are keywords.

masters-name is a unique name that references this masters list. It can optionally be enclosed in a quoted string, but if a space appears in the masters-name it must be enclosed in a quoted string, for example "my masters" (quoted string required) but my-masters (quoted string is optional). Multiple masters clauses may be defined, each having a unique masters-name. gp-num defines a port number that will be applied to all IP addresses in the defined list unless explicity overwritten by a port p-num element which applies only to a specific IP-Address (default in both cases is port 53). key-name refers to a key clause which may be use to authenticate the zone transfer or the NOTIFY message. From BIND9.10 the clause also allows the use of a DiffServ Differentiated Service Code Point (DSCP) number (range 0 - 95, where supported by the OS), defined by gd-num, to be used to identify the traffic classification for all IP address in the masters-list or the explictly defined IP-Address list.

<grovel> In previous versions of this page we indicated the masters-list structure was an address_match_list which allows, among many things, reference to an ACL clause. We were wrong (again). Our penance was to write a separate page defining the masters list format. </grovel>

Examples of usage are defined below:

// Example 1 named.conf fragment
// explicit IP-Address list definition
// 192.168.2.3 will send NOTIFY and/or provide zone
// transfer on port 1053, 192.168.17.4 on default port 53
options {
  ...
};
masters master-ips {192.168.2.3 port 1053; 192.168.17.4;};
 ...
zone example.com {
  type slave;
  ...
  masters {master-ips;};
};
...

// Example 2 named.conf fragment
// referencing a nested masters clause with a key option
// (all operations use default port 53)
// 192.168.2.4 uses a key to authenticate all (zone transfer and/or notify operations)
key srv-key {
...
}
masters some-ips {192.168.2.4 key srv-key; 192.168.3.4; 192.168.5.4;};
options {
  ...
};
masters master-ips {some-ips;192.168.7.12;};
 ...
zone example.com {
  type slave;
  ...
  masters {master-ips;};
};
...

// Example 3 named.conf fragment
// referencing a nested masters clause with port 1053 override
// (all operations use port 1053)

masters some-ips {192.168.2.4; 192.168.3.4; 192.168.5.4};
options {
  ...
};
masters master-ips port 1053 {some-ips;};
 ...
zone example.com {
  type slave;
  ...
  masters {master-ips;};
};
...


// Example 4 named.conf fragment
// multiple masters clauses
// referencing a nested masters clause with port 1053 override
// - all operations referencing master-ips use port 1053
// - all operations referencing more-ips use port 53
masters some-ips {192.168.2.4; 192.168.3.4; 192.168.5.4};
options {
  ...
};
masters master-ips port 1053 {some-ips;};
// optional quoted string
masters "more-ips" { some-ips;};
 ...
zone example.com {
  type slave;
  ...
  masters {master-ips;};
};

zone example.net {
  type slave;
  ...
  masters {more-ips;};
};
...


Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Pro DNS and BIND by Ron Aitchison

Contents

tech info
guides home
dns articles
intro
contents
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
quickstart
5 install bind
6 samples
reference
7 named.conf
8 zone records
operations
9 howtos
10 tools
11 trouble
programming
12 bind api's
security
13 dns security
bits & bytes
15 messages
resources
notes & tips
registration FAQ
dns resources
dns rfcs
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

Icons made by Icomoon from www.flaticon.com is licensed by CC 3.0 BY
share page via facebook tweet this page

Page

email us Send to a friend feature print this page Display full width page Decrease font size Increase font size

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2024 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
hosted by javapipe.com
web-master at zytrax
Page modified: January 20 2022.