mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-27 04:28:33 +00:00
52b3d86ef0
Previously, the number of RR types for a single owner name was limited only by the maximum number of the types (64k). As the data structure that holds the RR types for the database node is just a linked list, and there are places where we just walk through the whole list (again and again), adding a large number of RR types for a single owner named with would slow down processing of such name (database node). Add a configurable limit to cap the number of the RR types for a single owner. This is enforced at the database (rbtdb, qpzone, qpcache) level and configured with new max-types-per-name configuration option that can be configured globally, per-view and per-zone.
65 lines
3.0 KiB
Plaintext
65 lines
3.0 KiB
Plaintext
zone <string> [ <class> ] {
|
|
type secondary;
|
|
allow-notify { <address_match_element>; ... };
|
|
allow-query { <address_match_element>; ... };
|
|
allow-query-on { <address_match_element>; ... };
|
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
|
allow-update-forwarding { <address_match_element>; ... };
|
|
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
check-names ( fail | warn | ignore );
|
|
checkds ( explicit | <boolean> );
|
|
database <string>;
|
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
|
dlz <string>;
|
|
dnskey-sig-validity <integer>; // obsolete
|
|
dnssec-dnskey-kskonly <boolean>; // obsolete
|
|
dnssec-loadkeys-interval <integer>;
|
|
dnssec-policy <string>;
|
|
dnssec-update-mode ( maintain | no-resign ); // obsolete
|
|
file <quoted_string>;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
inline-signing <boolean>;
|
|
ixfr-from-differences <boolean>;
|
|
journal <quoted_string>;
|
|
key-directory <quoted_string>;
|
|
masterfile-format ( raw | text );
|
|
masterfile-style ( full | relative );
|
|
max-ixfr-ratio ( unlimited | <percentage> );
|
|
max-journal-size ( default | unlimited | <sizeval> );
|
|
max-records <integer>;
|
|
max-records-per-type <integer>;
|
|
max-refresh-time <integer>;
|
|
max-retry-time <integer>;
|
|
max-transfer-idle-in <integer>;
|
|
max-transfer-idle-out <integer>;
|
|
max-transfer-time-in <integer>;
|
|
max-transfer-time-out <integer>;
|
|
max-types-per-name <integer>;
|
|
min-refresh-time <integer>;
|
|
min-retry-time <integer>;
|
|
multi-master <boolean>;
|
|
notify ( explicit | master-only | primary-only | <boolean> );
|
|
notify-delay <integer>;
|
|
notify-source ( <ipv4_address> | * );
|
|
notify-source-v6 ( <ipv6_address> | * );
|
|
notify-to-soa <boolean>;
|
|
nsec3-test-zone <boolean>; // test only
|
|
parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
parental-source ( <ipv4_address> | * );
|
|
parental-source-v6 ( <ipv6_address> | * );
|
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
request-expire <boolean>;
|
|
request-ixfr <boolean>;
|
|
sig-signing-nodes <integer>;
|
|
sig-signing-signatures <integer>;
|
|
sig-signing-type <integer>;
|
|
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
|
transfer-source ( <ipv4_address> | * );
|
|
transfer-source-v6 ( <ipv6_address> | * );
|
|
try-tcp-refresh <boolean>;
|
|
update-check-ksk <boolean>; // obsolete
|
|
zero-no-soa-ttl <boolean>;
|
|
zone-statistics ( full | terse | none | <boolean> );
|
|
};
|