• Intro
• Full List of Statements
• Masters Clause Syntax
• Usage Examples

DNS BIND9 masters Clause
This section describes the masters clause available in BIND 9.x which allows the
user to define a list of zone masters from which notifies will be received and 
from which zone transfers may be requested. The masters clause may be referenced
from a masters statement that may appear in a zone of type slave or an 
also-notify statement that may appear in a zone clause of type master.

Note:
This can be a confusing clause. When used in a masters statement the list 
refers to IP addresses to which a transfer request may be made and from which a 
NOTIFY statement may be accepted. When used with an also-notify statement it 
refers to a list of IP addresses to which NOTIFY messages will be sent. There is
a significant difference between these two uses.



Full list of statements.


masters clause syntax


masters masters-name [port gp-num] [dscp gd-num] 
{ ( masters-list |IP-Address 
            [port p-num] [key key] ) ; [...] }; 
};

Note: Items in bold are keywords.

masters-name is a unique name that references this masters list. It can 
optionally be enclosed in a quoted string, but if a space appears in the 
masters-name it must be enclosed in a quoted string, for example "my masters" 
(quoted string required) but my-masters (quoted string is optional). Multiple 
masters clauses may be defined, each having a unique masters-name. gp-num 
defines a port number that will be applied to all IP addresses in the defined 
list unless explicity overwritten by a port p-num element which applies only to 
a specific IP-Address (default in both cases is port 53). key-name refers to a 
key clause which may be use to authenticate the zone transfer or the NOTIFY 
message. From BIND9.10 the clause also allows the use of a DiffServ 
Differentiated Service Code Point (DSCP) number (range 0 - 95, where supported 
by the OS), defined by gd-num, to be used to identify the traffic classification
for all IP address in the masters-list or the explictly defined IP-Address list.

 In previous versions of this page we indicated the masters-list 
structure was an address_match_list which allows, among many things, reference 
to an ACL clause. We were wrong (again). Our penance was to write a separate 
page defining the masters list format. 


Examples of usage are defined below:


// Example 1 named.conf fragment
// explicit IP-Address list definition
// 192.168.2.3 will send NOTIFY and/or provide zone
// transfer on port 1053, 192.168.17.4 on default port 53
options 
{
	...
};
masters master-ips {192.168.2.3 port 1053; 192.168.17.4;};
...
zone example.com 
{
	type slave;
	...
	masters {master-ips;};
};
...

// Example 2 named.conf fragment
// referencing a nested masters clause with a key option
// (all operations use default port 53)
// 192.168.2.4 uses a key to authenticate all (zone transfer and/or notify operations)
key srv-key 
{
	...
}
masters some-ips {192.168.2.4 key srv-key; 192.168.3.4; 192.168.5.4;};
options 
{
	...
};
masters master-ips {some-ips;192.168.7.12;};
...
zone example.com 
{
	type slave;
	...
	masters {master-ips;};
};
...

// Example 3 named.conf fragment
// referencing a nested masters clause with port 1053 override
// (all operations use port 1053)

masters some-ips {192.168.2.4; 192.168.3.4; 192.168.5.4};
options 
{
	...
};
masters master-ips port 1053 {some-ips;};
...
zone example.com 
{
	type slave;
	...
	masters {master-ips;};
};
...


// Example 4 named.conf fragment
// multiple masters clauses
// referencing a nested masters clause with port 1053 override
// - all operations referencing master-ips use port 1053
// - all operations referencing more-ips use port 53
masters some-ips {192.168.2.4; 192.168.3.4; 192.168.5.4};
options 
{
	...
};
masters master-ips port 1053 {some-ips;};
// optional quoted string
masters "more-ips" { some-ips;};
...
zone example.com 
{
	type slave;
	...
	masters {master-ips;};
};

zone example.net 
{
	type slave;
	...
	masters {more-ips;};
};
...