Remove building with NOCRYPTO option
[minix.git] / external / bsd / bind / dist / bin / named / named.conf.html
blob46572adf2940365906c6429e2cc7069954b0eb33
1 <!--
2 - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
3 -
4 - Permission to use, copy, modify, and/or distribute this software for any
5 - purpose with or without fee is hereby granted, provided that the above
6 - copyright notice and this permission notice appear in all copies.
7 -
8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 - PERFORMANCE OF THIS SOFTWARE.
15 -->
16 <!-- Id -->
17 <html>
18 <head>
19 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
20 <title>named.conf</title>
21 <meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
22 </head>
23 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
24 <a name="id2476282"></a><div class="titlepage"></div>
25 <div class="refnamediv">
26 <h2>Name</h2>
27 <p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
28 </div>
29 <div class="refsynopsisdiv">
30 <h2>Synopsis</h2>
31 <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
32 </div>
33 <div class="refsect1" lang="en">
34 <a name="id2543370"></a><h2>DESCRIPTION</h2>
35 <p><code class="filename">named.conf</code> is the configuration file
36 for
37 <span><strong class="command">named</strong></span>. Statements are enclosed
38 in braces and terminated with a semi-colon. Clauses in
39 the statements are also semi-colon terminated. The usual
40 comment styles are supported:
41 </p>
42 <p>
43 C style: /* */
44 </p>
45 <p>
46 C++ style: // to end of line
47 </p>
48 <p>
49 Unix style: # to end of line
50 </p>
51 </div>
52 <div class="refsect1" lang="en">
53 <a name="id2543398"></a><h2>ACL</h2>
54 <div class="literallayout"><p><br>
55 acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
56 <br>
57 </p></div>
58 </div>
59 <div class="refsect1" lang="en">
60 <a name="id2543414"></a><h2>KEY</h2>
61 <div class="literallayout"><p><br>
62 key <em class="replaceable"><code>domain_name</code></em> {<br>
63 algorithm <em class="replaceable"><code>string</code></em>;<br>
64 secret <em class="replaceable"><code>string</code></em>;<br>
65 };<br>
66 </p></div>
67 </div>
68 <div class="refsect1" lang="en">
69 <a name="id2543433"></a><h2>MASTERS</h2>
70 <div class="literallayout"><p><br>
71 masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
72 <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
73 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
74 };<br>
75 </p></div>
76 </div>
77 <div class="refsect1" lang="en">
78 <a name="id2543479"></a><h2>SERVER</h2>
79 <div class="literallayout"><p><br>
80 server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
81 bogus <em class="replaceable"><code>boolean</code></em>;<br>
82 edns <em class="replaceable"><code>boolean</code></em>;<br>
83 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
84 max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
85 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
86 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
87 keys <em class="replaceable"><code>server_key</code></em>;<br>
88 transfers <em class="replaceable"><code>integer</code></em>;<br>
89 transfer-format ( many-answers | one-answer );<br>
90 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
91 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
92 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
93 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
94 <br>
95 support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
96 };<br>
97 </p></div>
98 </div>
99 <div class="refsect1" lang="en">
100 <a name="id2543547"></a><h2>TRUSTED-KEYS</h2>
101 <div class="literallayout"><p><br>
102 trusted-keys {<br>
103 <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
104 };<br>
105 </p></div>
106 </div>
107 <div class="refsect1" lang="en">
108 <a name="id2543573"></a><h2>MANAGED-KEYS</h2>
109 <div class="literallayout"><p><br>
110 managed-keys {<br>
111 <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
112 };<br>
113 </p></div>
114 </div>
115 <div class="refsect1" lang="en">
116 <a name="id2543602"></a><h2>CONTROLS</h2>
117 <div class="literallayout"><p><br>
118 controls {<br>
119 inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
120 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
121 allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
122 [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
123 unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
124 };<br>
125 </p></div>
126 </div>
127 <div class="refsect1" lang="en">
128 <a name="id2543637"></a><h2>LOGGING</h2>
129 <div class="literallayout"><p><br>
130 logging {<br>
131 channel <em class="replaceable"><code>string</code></em> {<br>
132 file <em class="replaceable"><code>log_file</code></em>;<br>
133 syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
134 null;<br>
135 stderr;<br>
136 severity <em class="replaceable"><code>log_severity</code></em>;<br>
137 print-time <em class="replaceable"><code>boolean</code></em>;<br>
138 print-severity <em class="replaceable"><code>boolean</code></em>;<br>
139 print-category <em class="replaceable"><code>boolean</code></em>;<br>
140 };<br>
141 category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
142 };<br>
143 </p></div>
144 </div>
145 <div class="refsect1" lang="en">
146 <a name="id2543675"></a><h2>LWRES</h2>
147 <div class="literallayout"><p><br>
148 lwres {<br>
149 listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
150 <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
151 };<br>
152 view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
153 search { <em class="replaceable"><code>string</code></em>; ... };<br>
154 ndots <em class="replaceable"><code>integer</code></em>;<br>
155 };<br>
156 </p></div>
157 </div>
158 <div class="refsect1" lang="en">
159 <a name="id2543717"></a><h2>OPTIONS</h2>
160 <div class="literallayout"><p><br>
161 options {<br>
162 avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
163 avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
164 blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
165 coresize <em class="replaceable"><code>size</code></em>;<br>
166 datasize <em class="replaceable"><code>size</code></em>;<br>
167 directory <em class="replaceable"><code>quoted_string</code></em>;<br>
168 dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
169 files <em class="replaceable"><code>size</code></em>;<br>
170 heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
171 host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
172 host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
173 hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
174 interface-interval <em class="replaceable"><code>integer</code></em>;<br>
175 listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
176 listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
177 match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
178 memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
179 pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
180 port <em class="replaceable"><code>integer</code></em>;<br>
181 querylog <em class="replaceable"><code>boolean</code></em>;<br>
182 recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
183 reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
184 random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
185 recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
186 serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
187 server-id ( <em class="replaceable"><code>quoted_string</code></em> | hostname | none );<br>
188 stacksize <em class="replaceable"><code>size</code></em>;<br>
189 statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
190 statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
191 tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
192 tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
193 tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
194 tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
195 tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
196 tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
197 transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
198 transfers-in <em class="replaceable"><code>integer</code></em>;<br>
199 transfers-out <em class="replaceable"><code>integer</code></em>;<br>
200 use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
201 version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
202 allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
203 allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
204 sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
205 topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
206 auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
207 minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
208 recursion <em class="replaceable"><code>boolean</code></em>;<br>
209 rrset-order {<br>
210 [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
211 [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span><em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
212 };<br>
213 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
214 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
215 rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
216 additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
217 additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
218 query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
219 query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
220 use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
221 queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
222 queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
223 cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
224 resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
225 min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
226 lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
227 max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
228 max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
229 transfer-format ( many-answers | one-answer );<br>
230 max-cache-size <em class="replaceable"><code>size</code></em>;<br>
231 max-acache-size <em class="replaceable"><code>size</code></em>;<br>
232 clients-per-query <em class="replaceable"><code>number</code></em>;<br>
233 max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
234 check-names ( master | slave | response )<br>
235 ( fail | warn | ignore );<br>
236 check-mx ( fail | warn | ignore );<br>
237 check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
238 check-mx-cname ( fail | warn | ignore );<br>
239 check-srv-cname ( fail | warn | ignore );<br>
240 cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
241 suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
242 preferred-glue <em class="replaceable"><code>string</code></em>;<br>
243 dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
244 <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
245 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
246 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
247 };<br>
248 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
249 max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
250 root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
251 disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
252 disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
253 dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
254 dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
255 dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
256 dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
257 dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
258 <br>
259 dns64-server <em class="replaceable"><code>string</code></em>;<br>
260 dns64-contact <em class="replaceable"><code>string</code></em>;<br>
261 dns64 <em class="replaceable"><code>prefix</code></em> {<br>
262 clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
263 exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
264 mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
265 break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
266 recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
267 suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
268 };<br>
269 <br>
270 empty-server <em class="replaceable"><code>string</code></em>;<br>
271 empty-contact <em class="replaceable"><code>string</code></em>;<br>
272 empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
273 disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
274 <br>
275 dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
276 ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
277 <br>
278 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
279 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
280 allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
281 allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
282 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
283 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
284 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
285 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
286 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
287 <br>
288 masterfile-format ( text | raw | map );<br>
289 notify <em class="replaceable"><code>notifytype</code></em>;<br>
290 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
291 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
292 notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
293 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
294 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
295 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
296 [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
297 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
298 <br>
299 forward ( first | only );<br>
300 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
301 <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
302 };<br>
303 <br>
304 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
305 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
306 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
307 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
308 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
309 max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
310 min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
311 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
312 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
313 multi-master <em class="replaceable"><code>boolean</code></em>;<br>
314 <br>
315 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
316 sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
317 sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
318 sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
319 sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
320 <br>
321 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
322 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
323 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
324 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
325 <br>
326 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
327 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
328 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
329 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
330 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
331 <br>
332 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
333 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
334 managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
335 auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
336 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
337 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
338 zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
339 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
340 deny-answer-addresses {<br>
341 <em class="replaceable"><code>address_match_list</code></em><br>
342 } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
343 deny-answer-aliases {<br>
344 <em class="replaceable"><code>namelist</code></em><br>
345 } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
346 <br>
347 nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
348 <br>
349 allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
350 deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
351 fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
352 fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
353 has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
354 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
355 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
356 multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
357 named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
358 serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
359 treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
360 use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
361 };<br>
362 </p></div>
363 </div>
364 <div class="refsect1" lang="en">
365 <a name="id2544602"></a><h2>VIEW</h2>
366 <div class="literallayout"><p><br>
367 view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
368 match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
369 match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
370 match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
371 <br>
372 key <em class="replaceable"><code>string</code></em> {<br>
373 algorithm <em class="replaceable"><code>string</code></em>;<br>
374 secret <em class="replaceable"><code>string</code></em>;<br>
375 };<br>
376 <br>
377 zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
378 ...<br>
379 };<br>
380 <br>
381 server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
382 ...<br>
383 };<br>
384 <br>
385 trusted-keys {<br>
386 <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
387 [<span class="optional">...</span>]<br>
388 };<br>
389 <br>
390 allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
391 allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
392 sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
393 topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
394 auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
395 minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
396 recursion <em class="replaceable"><code>boolean</code></em>;<br>
397 rrset-order {<br>
398 [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
399 [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span><em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
400 };<br>
401 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
402 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
403 rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
404 additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
405 additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
406 query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
407 query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
408 use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
409 queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
410 queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
411 cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
412 resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
413 min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
414 lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
415 max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
416 max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
417 transfer-format ( many-answers | one-answer );<br>
418 max-cache-size <em class="replaceable"><code>size</code></em>;<br>
419 max-acache-size <em class="replaceable"><code>size</code></em>;<br>
420 clients-per-query <em class="replaceable"><code>number</code></em>;<br>
421 max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
422 check-names ( master | slave | response )<br>
423 ( fail | warn | ignore );<br>
424 check-mx ( fail | warn | ignore );<br>
425 check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
426 check-mx-cname ( fail | warn | ignore );<br>
427 check-srv-cname ( fail | warn | ignore );<br>
428 cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
429 suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
430 preferred-glue <em class="replaceable"><code>string</code></em>;<br>
431 dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
432 <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
433 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
434 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
435 };<br>
436 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
437 max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
438 root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
439 disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
440 disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
441 dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
442 dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
443 dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
444 dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
445 dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
446 <br>
447 dns64-server <em class="replaceable"><code>string</code></em>;<br>
448 dns64-contact <em class="replaceable"><code>string</code></em>;<br>
449 dns64 <em class="replaceable"><code>prefix</code></em> {<br>
450 clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
451 exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
452 mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
453 break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
454 recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
455 suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
456 };<br>
457 <br>
458 empty-server <em class="replaceable"><code>string</code></em>;<br>
459 empty-contact <em class="replaceable"><code>string</code></em>;<br>
460 empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
461 disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
462 <br>
463 dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
464 ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
465 <br>
466 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
467 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
468 allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
469 allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
470 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
471 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
472 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
473 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
474 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
475 <br>
476 masterfile-format ( text | raw | map );<br>
477 notify <em class="replaceable"><code>notifytype</code></em>;<br>
478 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
479 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
480 notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
481 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
482 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
483 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
484 [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
485 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
486 <br>
487 forward ( first | only );<br>
488 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
489 <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
490 };<br>
491 <br>
492 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
493 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
494 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
495 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
496 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
497 max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
498 min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
499 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
500 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
501 multi-master <em class="replaceable"><code>boolean</code></em>;<br>
502 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
503 <br>
504 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
505 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
506 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
507 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
508 <br>
509 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
510 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
511 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
512 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
513 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
514 <br>
515 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
516 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
517 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
518 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
519 zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
520 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
521 <br>
522 allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
523 fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
524 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
525 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
526 };<br>
527 </p></div>
528 </div>
529 <div class="refsect1" lang="en">
530 <a name="id2545324"></a><h2>ZONE</h2>
531 <div class="literallayout"><p><br>
532 zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
533 type ( master | slave | stub | hint | redirect |<br>
534 forward | delegation-only );<br>
535 file <em class="replaceable"><code>quoted_string</code></em>;<br>
536 <br>
537 masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
538 <em class="replaceable"><code>masters</code></em> |<br>
539 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
540 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
541 };<br>
542 <br>
543 database <em class="replaceable"><code>string</code></em>;<br>
544 delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
545 check-names ( fail | warn | ignore );<br>
546 check-mx ( fail | warn | ignore );<br>
547 check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
548 check-mx-cname ( fail | warn | ignore );<br>
549 check-srv-cname ( fail | warn | ignore );<br>
550 dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
551 ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
552 journal <em class="replaceable"><code>quoted_string</code></em>;<br>
553 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
554 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
555 <br>
556 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
557 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
558 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
559 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
560 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
561 update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
562 ( grant | deny ) <em class="replaceable"><code>string</code></em><br>
563 ( name | subdomain | wildcard | self | selfsub | selfwild |<br>
564                   krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
565   tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
566 <em class="replaceable"><code>rrtypelist</code></em>;<br>
567 [<span class="optional">...</span>]<br>
568 }</code></em>;<br>
569 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
570 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
571 <br>
572 masterfile-format ( text | raw | map );<br>
573 notify <em class="replaceable"><code>notifytype</code></em>;<br>
574 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
575 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
576 notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
577 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
578 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
579 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
580 [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
581 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
582 <br>
583 forward ( first | only );<br>
584 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
585 <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
586 };<br>
587 <br>
588 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
589 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
590 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
591 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
592 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
593 max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
594 min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
595 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
596 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
597 multi-master <em class="replaceable"><code>boolean</code></em>;<br>
598 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
599 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
600 <br>
601 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
602 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
603 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
604 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
605 <br>
606 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
607 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
608 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
609 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
610 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
611 <br>
612 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
613 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
614 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
615 <br>
616 nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
617 <br>
618 ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
619 ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
620 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
621 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
622 pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
623 };<br>
624 </p></div>
625 </div>
626 <div class="refsect1" lang="en">
627 <a name="id2545714"></a><h2>FILES</h2>
628 <p><code class="filename">/etc/named.conf</code>
629 </p>
630 </div>
631 <div class="refsect1" lang="en">
632 <a name="id2545725"></a><h2>SEE ALSO</h2>
633 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
634 <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
635 <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
636 <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
637 </p>
638 </div>
639 </div></body>
640 </html>