| blob | 4c99a61ecd7af8aaf3c876036a71eb53703dfbe4 |
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
4 <!--
5 - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
6 -
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
10 -
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
18 -->
20 <refentry>
21 <refentryinfo>
22 <date>January 08, 2014</date>
23 </refentryinfo>
25 <refmeta>
26 <refentrytitle><filename>named.conf</filename></refentrytitle>
27 <manvolnum>5</manvolnum>
28 <refmiscinfo>BIND9</refmiscinfo>
29 </refmeta>
31 <refnamediv>
32 <refname><filename>named.conf</filename></refname>
33 <refpurpose>configuration file for named</refpurpose>
34 </refnamediv>
36 <docinfo>
37 <copyright>
38 <year>2004</year>
39 <year>2005</year>
40 <year>2006</year>
41 <year>2007</year>
42 <year>2008</year>
43 <year>2009</year>
44 <year>2010</year>
45 <year>2011</year>
46 <year>2012</year>
47 <year>2013</year>
48 <year>2014</year>
49 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
50 </copyright>
51 </docinfo>
53 <refsynopsisdiv>
54 <cmdsynopsis>
55 <command>named.conf</command>
56 </cmdsynopsis>
57 </refsynopsisdiv>
59 <refsect1>
60 <title>DESCRIPTION</title>
61 <para><filename>named.conf</filename> is the configuration file
62 for
63 <command>named</command>. Statements are enclosed
64 in braces and terminated with a semi-colon. Clauses in
65 the statements are also semi-colon terminated. The usual
66 comment styles are supported:
67 </para>
68 <para>
69 C style: /* */
70 </para>
71 <para>
72 C++ style: // to end of line
73 </para>
74 <para>
75 Unix style: # to end of line
76 </para>
77 </refsect1>
79 <refsect1>
80 <title>ACL</title>
81 <literallayout>
82 acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
84 </literallayout>
85 </refsect1>
87 <refsect1>
88 <title>KEY</title>
89 <literallayout>
90 key <replaceable>domain_name</replaceable> {
91 algorithm <replaceable>string</replaceable>;
92 secret <replaceable>string</replaceable>;
93 };
94 </literallayout>
95 </refsect1>
97 <refsect1>
98 <title>MASTERS</title>
99 <literallayout>
100 masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
101 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
102 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
103 };
104 </literallayout>
105 </refsect1>
107 <refsect1>
108 <title>SERVER</title>
109 <literallayout>
110 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
111 bogus <replaceable>boolean</replaceable>;
112 edns <replaceable>boolean</replaceable>;
113 edns-udp-size <replaceable>integer</replaceable>;
114 max-udp-size <replaceable>integer</replaceable>;
115 provide-ixfr <replaceable>boolean</replaceable>;
116 request-ixfr <replaceable>boolean</replaceable>;
117 keys <replaceable>server_key</replaceable>;
118 transfers <replaceable>integer</replaceable>;
119 transfer-format ( many-answers | one-answer );
120 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
121 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
122 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
123 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
125 support-ixfr <replaceable>boolean</replaceable>; // obsolete
126 };
127 </literallayout>
128 </refsect1>
130 <refsect1>
131 <title>TRUSTED-KEYS</title>
132 <literallayout>
133 trusted-keys {
134 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
135 };
136 </literallayout>
137 </refsect1>
139 <refsect1>
140 <title>MANAGED-KEYS</title>
141 <literallayout>
142 managed-keys {
143 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
144 };
145 </literallayout>
146 </refsect1>
148 <refsect1>
149 <title>CONTROLS</title>
150 <literallayout>
151 controls {
152 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
153 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
154 allow { <replaceable>address_match_element</replaceable>; ... }
155 <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
156 unix <replaceable>unsupported</replaceable>; // not implemented
157 };
158 </literallayout>
159 </refsect1>
161 <refsect1>
162 <title>LOGGING</title>
163 <literallayout>
164 logging {
165 channel <replaceable>string</replaceable> {
166 file <replaceable>log_file</replaceable>;
167 syslog <replaceable>optional_facility</replaceable>;
168 null;
169 stderr;
170 severity <replaceable>log_severity</replaceable>;
171 print-time <replaceable>boolean</replaceable>;
172 print-severity <replaceable>boolean</replaceable>;
173 print-category <replaceable>boolean</replaceable>;
174 };
175 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
176 };
177 </literallayout>
178 </refsect1>
180 <refsect1>
181 <title>LWRES</title>
182 <literallayout>
183 lwres {
184 listen-on <optional> port <replaceable>integer</replaceable> </optional> {
185 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
186 };
187 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
188 search { <replaceable>string</replaceable>; ... };
189 ndots <replaceable>integer</replaceable>;
190 };
191 </literallayout>
192 </refsect1>
194 <refsect1>
195 <title>OPTIONS</title>
196 <literallayout>
197 options {
198 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
199 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
200 blackhole { <replaceable>address_match_element</replaceable>; ... };
201 coresize <replaceable>size</replaceable>;
202 datasize <replaceable>size</replaceable>;
203 directory <replaceable>quoted_string</replaceable>;
204 dump-file <replaceable>quoted_string</replaceable>;
205 files <replaceable>size</replaceable>;
206 heartbeat-interval <replaceable>integer</replaceable>;
207 host-statistics <replaceable>boolean</replaceable>; // not implemented
208 host-statistics-max <replaceable>number</replaceable>; // not implemented
209 hostname ( <replaceable>quoted_string</replaceable> | none );
210 interface-interval <replaceable>integer</replaceable>;
211 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
212 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
213 match-mapped-addresses <replaceable>boolean</replaceable>;
214 memstatistics-file <replaceable>quoted_string</replaceable>;
215 pid-file ( <replaceable>quoted_string</replaceable> | none );
216 port <replaceable>integer</replaceable>;
217 querylog <replaceable>boolean</replaceable>;
218 recursing-file <replaceable>quoted_string</replaceable>;
219 reserved-sockets <replaceable>integer</replaceable>;
220 random-device <replaceable>quoted_string</replaceable>;
221 recursive-clients <replaceable>integer</replaceable>;
222 serial-query-rate <replaceable>integer</replaceable>;
223 server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
224 stacksize <replaceable>size</replaceable>;
225 statistics-file <replaceable>quoted_string</replaceable>;
226 statistics-interval <replaceable>integer</replaceable>; // not yet implemented
227 tcp-clients <replaceable>integer</replaceable>;
228 tcp-listen-queue <replaceable>integer</replaceable>;
229 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
230 tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
231 tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
232 tkey-domain <replaceable>quoted_string</replaceable>;
233 transfers-per-ns <replaceable>integer</replaceable>;
234 transfers-in <replaceable>integer</replaceable>;
235 transfers-out <replaceable>integer</replaceable>;
236 use-ixfr <replaceable>boolean</replaceable>;
237 version ( <replaceable>quoted_string</replaceable> | none );
238 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
239 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
240 sortlist { <replaceable>address_match_element</replaceable>; ... };
241 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
242 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
243 minimal-responses <replaceable>boolean</replaceable>;
244 recursion <replaceable>boolean</replaceable>;
245 rrset-order {
246 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
247 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
248 };
249 provide-ixfr <replaceable>boolean</replaceable>;
250 request-ixfr <replaceable>boolean</replaceable>;
251 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
252 additional-from-auth <replaceable>boolean</replaceable>;
253 additional-from-cache <replaceable>boolean</replaceable>;
254 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
255 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
256 use-queryport-pool <replaceable>boolean</replaceable>;
257 queryport-pool-ports <replaceable>integer</replaceable>;
258 queryport-pool-updateinterval <replaceable>integer</replaceable>;
259 cleaning-interval <replaceable>integer</replaceable>;
260 resolver-query-timeout <replaceable>integer</replaceable>;
261 min-roots <replaceable>integer</replaceable>; // not implemented
262 lame-ttl <replaceable>integer</replaceable>;
263 max-ncache-ttl <replaceable>integer</replaceable>;
264 max-cache-ttl <replaceable>integer</replaceable>;
265 transfer-format ( many-answers | one-answer );
266 max-cache-size <replaceable>size</replaceable>;
267 max-acache-size <replaceable>size</replaceable>;
268 clients-per-query <replaceable>number</replaceable>;
269 max-clients-per-query <replaceable>number</replaceable>;
270 check-names ( master | slave | response )
271 ( fail | warn | ignore );
272 check-mx ( fail | warn | ignore );
273 check-integrity <replaceable>boolean</replaceable>;
274 check-mx-cname ( fail | warn | ignore );
275 check-srv-cname ( fail | warn | ignore );
276 cache-file <replaceable>quoted_string</replaceable>; // test option
277 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
278 preferred-glue <replaceable>string</replaceable>;
279 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
280 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
281 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
282 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
283 };
284 edns-udp-size <replaceable>integer</replaceable>;
285 max-udp-size <replaceable>integer</replaceable>;
286 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
287 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
288 disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
289 dnssec-enable <replaceable>boolean</replaceable>;
290 dnssec-validation <replaceable>boolean</replaceable>;
291 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
292 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
293 dnssec-accept-expired <replaceable>boolean</replaceable>;
295 dns64-server <replaceable>string</replaceable>;
296 dns64-contact <replaceable>string</replaceable>;
297 dns64 <replaceable>prefix</replaceable> {
298 clients { <replacable>acl</replacable>; };
299 exclude { <replacable>acl</replacable>; };
300 mapped { <replacable>acl</replacable>; };
301 break-dnssec <replaceable>boolean</replaceable>;
302 recursive-only <replaceable>boolean</replaceable>;
303 suffix <replaceable>ipv6_address</replaceable>;
304 };
306 empty-server <replaceable>string</replaceable>;
307 empty-contact <replaceable>string</replaceable>;
308 empty-zones-enable <replaceable>boolean</replaceable>;
309 disable-empty-zone <replaceable>string</replaceable>;
311 dialup <replaceable>dialuptype</replaceable>;
312 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
314 allow-query { <replaceable>address_match_element</replaceable>; ... };
315 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
316 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
317 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
318 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
319 allow-update { <replaceable>address_match_element</replaceable>; ... };
320 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
321 update-check-ksk <replaceable>boolean</replaceable>;
322 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
324 masterfile-format ( text | raw | map );
325 notify <replaceable>notifytype</replaceable>;
326 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
327 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
328 notify-delay <replaceable>seconds</replaceable>;
329 notify-to-soa <replaceable>boolean</replaceable>;
330 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
331 <optional> port <replaceable>integer</replaceable> </optional>; ...
332 <optional> key <replaceable>keyname</replaceable> </optional> ... };
333 allow-notify { <replaceable>address_match_element</replaceable>; ... };
335 forward ( first | only );
336 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
337 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
338 };
340 max-journal-size <replaceable>size_no_default</replaceable>;
341 max-transfer-time-in <replaceable>integer</replaceable>;
342 max-transfer-time-out <replaceable>integer</replaceable>;
343 max-transfer-idle-in <replaceable>integer</replaceable>;
344 max-transfer-idle-out <replaceable>integer</replaceable>;
345 max-retry-time <replaceable>integer</replaceable>;
346 min-retry-time <replaceable>integer</replaceable>;
347 max-refresh-time <replaceable>integer</replaceable>;
348 min-refresh-time <replaceable>integer</replaceable>;
349 multi-master <replaceable>boolean</replaceable>;
351 sig-validity-interval <replaceable>integer</replaceable>;
352 sig-re-signing-interval <replaceable>integer</replaceable>;
353 sig-signing-nodes <replaceable>integer</replaceable>;
354 sig-signing-signatures <replaceable>integer</replaceable>;
355 sig-signing-type <replaceable>integer</replaceable>;
357 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
358 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
359 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
360 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
362 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
363 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
364 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
365 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
366 use-alt-transfer-source <replaceable>boolean</replaceable>;
368 zone-statistics <replaceable>boolean</replaceable>;
369 key-directory <replaceable>quoted_string</replaceable>;
370 managed-keys-directory <replaceable>quoted_string</replaceable>;
371 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
372 try-tcp-refresh <replaceable>boolean</replaceable>;
373 zero-no-soa-ttl <replaceable>boolean</replaceable>;
374 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
375 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
376 deny-answer-addresses {
377 <replaceable>address_match_list</replaceable>
378 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
379 deny-answer-aliases {
380 <replaceable>namelist</replaceable>
381 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
383 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
385 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
386 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
387 fake-iquery <replaceable>boolean</replaceable>; // obsolete
388 fetch-glue <replaceable>boolean</replaceable>; // obsolete
389 has-old-clients <replaceable>boolean</replaceable>; // obsolete
390 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
391 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
392 multiple-cnames <replaceable>boolean</replaceable>; // obsolete
393 named-xfer <replaceable>quoted_string</replaceable>; // obsolete
394 serial-queries <replaceable>integer</replaceable>; // obsolete
395 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
396 use-id-pool <replaceable>boolean</replaceable>; // obsolete
397 };
398 </literallayout>
399 </refsect1>
401 <refsect1>
402 <title>VIEW</title>
403 <literallayout>
404 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
405 match-clients { <replaceable>address_match_element</replaceable>; ... };
406 match-destinations { <replaceable>address_match_element</replaceable>; ... };
407 match-recursive-only <replaceable>boolean</replaceable>;
409 key <replaceable>string</replaceable> {
410 algorithm <replaceable>string</replaceable>;
411 secret <replaceable>string</replaceable>;
412 };
414 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
415 ...
416 };
418 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
419 ...
420 };
422 trusted-keys {
423 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
424 <optional>...</optional>
425 };
427 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
428 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
429 sortlist { <replaceable>address_match_element</replaceable>; ... };
430 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
431 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
432 minimal-responses <replaceable>boolean</replaceable>;
433 recursion <replaceable>boolean</replaceable>;
434 rrset-order {
435 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
436 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
437 };
438 provide-ixfr <replaceable>boolean</replaceable>;
439 request-ixfr <replaceable>boolean</replaceable>;
440 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
441 additional-from-auth <replaceable>boolean</replaceable>;
442 additional-from-cache <replaceable>boolean</replaceable>;
443 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
444 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
445 use-queryport-pool <replaceable>boolean</replaceable>;
446 queryport-pool-ports <replaceable>integer</replaceable>;
447 queryport-pool-updateinterval <replaceable>integer</replaceable>;
448 cleaning-interval <replaceable>integer</replaceable>;
449 resolver-query-timeout <replaceable>integer</replaceable>;
450 min-roots <replaceable>integer</replaceable>; // not implemented
451 lame-ttl <replaceable>integer</replaceable>;
452 max-ncache-ttl <replaceable>integer</replaceable>;
453 max-cache-ttl <replaceable>integer</replaceable>;
454 transfer-format ( many-answers | one-answer );
455 max-cache-size <replaceable>size</replaceable>;
456 max-acache-size <replaceable>size</replaceable>;
457 clients-per-query <replaceable>number</replaceable>;
458 max-clients-per-query <replaceable>number</replaceable>;
459 check-names ( master | slave | response )
460 ( fail | warn | ignore );
461 check-mx ( fail | warn | ignore );
462 check-integrity <replaceable>boolean</replaceable>;
463 check-mx-cname ( fail | warn | ignore );
464 check-srv-cname ( fail | warn | ignore );
465 cache-file <replaceable>quoted_string</replaceable>; // test option
466 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
467 preferred-glue <replaceable>string</replaceable>;
468 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
469 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
470 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
471 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
472 };
473 edns-udp-size <replaceable>integer</replaceable>;
474 max-udp-size <replaceable>integer</replaceable>;
475 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
476 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
477 disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
478 dnssec-enable <replaceable>boolean</replaceable>;
479 dnssec-validation <replaceable>boolean</replaceable>;
480 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
481 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
482 dnssec-accept-expired <replaceable>boolean</replaceable>;
484 dns64-server <replaceable>string</replaceable>;
485 dns64-contact <replaceable>string</replaceable>;
486 dns64 <replaceable>prefix</replaceable> {
487 clients { <replacable>acl</replacable>; };
488 exclude { <replacable>acl</replacable>; };
489 mapped { <replacable>acl</replacable>; };
490 break-dnssec <replaceable>boolean</replaceable>;
491 recursive-only <replaceable>boolean</replaceable>;
492 suffix <replaceable>ipv6_address</replaceable>;
493 };
495 empty-server <replaceable>string</replaceable>;
496 empty-contact <replaceable>string</replaceable>;
497 empty-zones-enable <replaceable>boolean</replaceable>;
498 disable-empty-zone <replaceable>string</replaceable>;
500 dialup <replaceable>dialuptype</replaceable>;
501 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
503 allow-query { <replaceable>address_match_element</replaceable>; ... };
504 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
505 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
506 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
507 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
508 allow-update { <replaceable>address_match_element</replaceable>; ... };
509 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
510 update-check-ksk <replaceable>boolean</replaceable>;
511 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
513 masterfile-format ( text | raw | map );
514 notify <replaceable>notifytype</replaceable>;
515 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
516 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
517 notify-delay <replaceable>seconds</replaceable>;
518 notify-to-soa <replaceable>boolean</replaceable>;
519 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
520 <optional> port <replaceable>integer</replaceable> </optional>; ...
521 <optional> key <replaceable>keyname</replaceable> </optional> ... };
522 allow-notify { <replaceable>address_match_element</replaceable>; ... };
524 forward ( first | only );
525 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
526 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
527 };
529 max-journal-size <replaceable>size_no_default</replaceable>;
530 max-transfer-time-in <replaceable>integer</replaceable>;
531 max-transfer-time-out <replaceable>integer</replaceable>;
532 max-transfer-idle-in <replaceable>integer</replaceable>;
533 max-transfer-idle-out <replaceable>integer</replaceable>;
534 max-retry-time <replaceable>integer</replaceable>;
535 min-retry-time <replaceable>integer</replaceable>;
536 max-refresh-time <replaceable>integer</replaceable>;
537 min-refresh-time <replaceable>integer</replaceable>;
538 multi-master <replaceable>boolean</replaceable>;
539 sig-validity-interval <replaceable>integer</replaceable>;
541 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
542 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
543 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
544 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
546 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
547 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
548 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
549 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
550 use-alt-transfer-source <replaceable>boolean</replaceable>;
552 zone-statistics <replaceable>boolean</replaceable>;
553 try-tcp-refresh <replaceable>boolean</replaceable>;
554 key-directory <replaceable>quoted_string</replaceable>;
555 zero-no-soa-ttl <replaceable>boolean</replaceable>;
556 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
557 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
559 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
560 fetch-glue <replaceable>boolean</replaceable>; // obsolete
561 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
562 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
563 };
564 </literallayout>
565 </refsect1>
567 <refsect1>
568 <title>ZONE</title>
569 <literallayout>
570 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
571 type ( master | slave | stub | hint | redirect |
572 forward | delegation-only );
573 file <replaceable>quoted_string</replaceable>;
575 masters <optional> port <replaceable>integer</replaceable> </optional> {
576 ( <replaceable>masters</replaceable> |
577 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
578 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
579 };
581 database <replaceable>string</replaceable>;
582 delegation-only <replaceable>boolean</replaceable>;
583 check-names ( fail | warn | ignore );
584 check-mx ( fail | warn | ignore );
585 check-integrity <replaceable>boolean</replaceable>;
586 check-mx-cname ( fail | warn | ignore );
587 check-srv-cname ( fail | warn | ignore );
588 dialup <replaceable>dialuptype</replaceable>;
589 ixfr-from-differences <replaceable>boolean</replaceable>;
590 journal <replaceable>quoted_string</replaceable>;
591 zero-no-soa-ttl <replaceable>boolean</replaceable>;
592 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
594 allow-query { <replaceable>address_match_element</replaceable>; ... };
595 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
596 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
597 allow-update { <replaceable>address_match_element</replaceable>; ... };
598 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
599 update-policy <replaceable>local</replaceable> | <replaceable> {
600 ( grant | deny ) <replaceable>string</replaceable>
601 ( name | subdomain | wildcard | self | selfsub | selfwild |
602 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
603 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
604 <replaceable>rrtypelist</replaceable>;
605 <optional>...</optional>
606 }</replaceable>;
607 update-check-ksk <replaceable>boolean</replaceable>;
608 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
610 masterfile-format ( text | raw | map );
611 notify <replaceable>notifytype</replaceable>;
612 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
613 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
614 notify-delay <replaceable>seconds</replaceable>;
615 notify-to-soa <replaceable>boolean</replaceable>;
616 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
617 <optional> port <replaceable>integer</replaceable> </optional>; ...
618 <optional> key <replaceable>keyname</replaceable> </optional> ... };
619 allow-notify { <replaceable>address_match_element</replaceable>; ... };
621 forward ( first | only );
622 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
623 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
624 };
626 max-journal-size <replaceable>size_no_default</replaceable>;
627 max-transfer-time-in <replaceable>integer</replaceable>;
628 max-transfer-time-out <replaceable>integer</replaceable>;
629 max-transfer-idle-in <replaceable>integer</replaceable>;
630 max-transfer-idle-out <replaceable>integer</replaceable>;
631 max-retry-time <replaceable>integer</replaceable>;
632 min-retry-time <replaceable>integer</replaceable>;
633 max-refresh-time <replaceable>integer</replaceable>;
634 min-refresh-time <replaceable>integer</replaceable>;
635 multi-master <replaceable>boolean</replaceable>;
636 request-ixfr <replaceable>boolean</replaceable>;
637 sig-validity-interval <replaceable>integer</replaceable>;
639 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
640 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
641 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
642 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
644 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
645 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
646 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
647 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
648 use-alt-transfer-source <replaceable>boolean</replaceable>;
650 zone-statistics <replaceable>boolean</replaceable>;
651 try-tcp-refresh <replaceable>boolean</replaceable>;
652 key-directory <replaceable>quoted_string</replaceable>;
654 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
656 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
657 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
658 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
659 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
660 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
661 };
662 </literallayout>
663 </refsect1>
665 <refsect1>
666 <title>FILES</title>
667 <para><filename>/etc/named.conf</filename>
668 </para>
669 </refsect1>
671 <refsect1>
672 <title>SEE ALSO</title>
673 <para><citerefentry>
674 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
675 </citerefentry>,
676 <citerefentry>
677 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
678 </citerefentry>,
679 <citerefentry>
680 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
681 </citerefentry>,
682 <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
683 </para>
684 </refsect1>
686 </refentry><!--
687 - Local variables:
688 - mode: sgml
689 - End:
690 -->