| blob | 991899e6138a5d640e05f1243896569a62237b3c |
1 .\" $NetBSD: named.conf.5,v 1.1.1.3 2009/12/26 22:19:14 christos Exp $
2 .\"
3 .\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
4 .\"
5 .\" Permission to use, copy, modify, and/or distribute this software for any
6 .\" purpose with or without fee is hereby granted, provided that the above
7 .\" copyright notice and this permission notice appear in all copies.
8 .\"
9 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 .\" PERFORMANCE OF THIS SOFTWARE.
16 .\"
17 .\" Id: named.conf.5,v 1.41 2009/12/04 01:13:44 tbox Exp
18 .\"
19 .hy 0
20 .ad l
21 .\" Title: \fInamed.conf\fR
22 .\" Author:
23 .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
24 .\" Date: Aug 13, 2004
25 .\" Manual: BIND9
26 .\" Source: BIND9
27 .\"
28 .TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
29 .\" disable hyphenation
30 .nh
31 .\" disable justification (adjust text to left margin only)
32 .ad l
33 .SH "NAME"
34 named.conf \- configuration file for named
35 .SH "SYNOPSIS"
36 .HP 11
37 \fBnamed.conf\fR
38 .SH "DESCRIPTION"
39 .PP
40 \fInamed.conf\fR
41 is the configuration file for
42 \fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
43 .PP
44 C style: /* */
45 .PP
46 C++ style: // to end of line
47 .PP
48 Unix style: # to end of line
49 .SH "ACL"
50 .sp
51 .RS 4
52 .nf
53 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
54 .fi
55 .RE
56 .SH "KEY"
57 .sp
58 .RS 4
59 .nf
60 key \fIdomain_name\fR {
61 algorithm \fIstring\fR;
62 secret \fIstring\fR;
63 };
64 .fi
65 .RE
66 .SH "MASTERS"
67 .sp
68 .RS 4
69 .nf
70 masters \fIstring\fR [ port \fIinteger\fR ] {
71 ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
72 \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
73 };
74 .fi
75 .RE
76 .SH "SERVER"
77 .sp
78 .RS 4
79 .nf
80 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
81 bogus \fIboolean\fR;
82 edns \fIboolean\fR;
83 edns\-udp\-size \fIinteger\fR;
84 max\-udp\-size \fIinteger\fR;
85 provide\-ixfr \fIboolean\fR;
86 request\-ixfr \fIboolean\fR;
87 keys \fIserver_key\fR;
88 transfers \fIinteger\fR;
89 transfer\-format ( many\-answers | one\-answer );
90 transfer\-source ( \fIipv4_address\fR | * )
91 [ port ( \fIinteger\fR | * ) ];
92 transfer\-source\-v6 ( \fIipv6_address\fR | * )
93 [ port ( \fIinteger\fR | * ) ];
94 support\-ixfr \fIboolean\fR; // obsolete
95 };
96 .fi
97 .RE
98 .SH "TRUSTED\-KEYS"
99 .sp
100 .RS 4
101 .nf
102 trusted\-keys {
103 \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
104 };
105 .fi
106 .RE
107 .SH "MANAGED\-KEYS"
108 .sp
109 .RS 4
110 .nf
111 managed\-keys {
112 \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
113 };
114 .fi
115 .RE
116 .SH "CONTROLS"
117 .sp
118 .RS 4
119 .nf
120 controls {
121 inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
122 [ port ( \fIinteger\fR | * ) ]
123 allow { \fIaddress_match_element\fR; ... }
124 [ keys { \fIstring\fR; ... } ];
125 unix \fIunsupported\fR; // not implemented
126 };
127 .fi
128 .RE
129 .SH "LOGGING"
130 .sp
131 .RS 4
132 .nf
133 logging {
134 channel \fIstring\fR {
135 file \fIlog_file\fR;
136 syslog \fIoptional_facility\fR;
137 null;
138 stderr;
139 severity \fIlog_severity\fR;
140 print\-time \fIboolean\fR;
141 print\-severity \fIboolean\fR;
142 print\-category \fIboolean\fR;
143 };
144 category \fIstring\fR { \fIstring\fR; ... };
145 };
146 .fi
147 .RE
148 .SH "LWRES"
149 .sp
150 .RS 4
151 .nf
152 lwres {
153 listen\-on [ port \fIinteger\fR ] {
154 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
155 };
156 view \fIstring\fR \fIoptional_class\fR;
157 search { \fIstring\fR; ... };
158 ndots \fIinteger\fR;
159 };
160 .fi
161 .RE
162 .SH "OPTIONS"
163 .sp
164 .RS 4
165 .nf
166 options {
167 avoid\-v4\-udp\-ports { \fIport\fR; ... };
168 avoid\-v6\-udp\-ports { \fIport\fR; ... };
169 blackhole { \fIaddress_match_element\fR; ... };
170 coresize \fIsize\fR;
171 datasize \fIsize\fR;
172 directory \fIquoted_string\fR;
173 dump\-file \fIquoted_string\fR;
174 files \fIsize\fR;
175 heartbeat\-interval \fIinteger\fR;
176 host\-statistics \fIboolean\fR; // not implemented
177 host\-statistics\-max \fInumber\fR; // not implemented
178 hostname ( \fIquoted_string\fR | none );
179 interface\-interval \fIinteger\fR;
180 listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
181 listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
182 match\-mapped\-addresses \fIboolean\fR;
183 memstatistics\-file \fIquoted_string\fR;
184 pid\-file ( \fIquoted_string\fR | none );
185 port \fIinteger\fR;
186 querylog \fIboolean\fR;
187 recursing\-file \fIquoted_string\fR;
188 reserved\-sockets \fIinteger\fR;
189 random\-device \fIquoted_string\fR;
190 recursive\-clients \fIinteger\fR;
191 serial\-query\-rate \fIinteger\fR;
192 server\-id ( \fIquoted_string\fR | none );
193 stacksize \fIsize\fR;
194 statistics\-file \fIquoted_string\fR;
195 statistics\-interval \fIinteger\fR; // not yet implemented
196 tcp\-clients \fIinteger\fR;
197 tcp\-listen\-queue \fIinteger\fR;
198 tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
199 tkey\-gssapi\-credential \fIquoted_string\fR;
200 tkey\-domain \fIquoted_string\fR;
201 transfers\-per\-ns \fIinteger\fR;
202 transfers\-in \fIinteger\fR;
203 transfers\-out \fIinteger\fR;
204 use\-ixfr \fIboolean\fR;
205 version ( \fIquoted_string\fR | none );
206 allow\-recursion { \fIaddress_match_element\fR; ... };
207 allow\-recursion\-on { \fIaddress_match_element\fR; ... };
208 sortlist { \fIaddress_match_element\fR; ... };
209 topology { \fIaddress_match_element\fR; ... }; // not implemented
210 auth\-nxdomain \fIboolean\fR; // default changed
211 minimal\-responses \fIboolean\fR;
212 recursion \fIboolean\fR;
213 rrset\-order {
214 [ class \fIstring\fR ] [ type \fIstring\fR ]
215 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
216 };
217 provide\-ixfr \fIboolean\fR;
218 request\-ixfr \fIboolean\fR;
219 rfc2308\-type1 \fIboolean\fR; // not yet implemented
220 additional\-from\-auth \fIboolean\fR;
221 additional\-from\-cache \fIboolean\fR;
222 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
223 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
224 use\-queryport\-pool \fIboolean\fR;
225 queryport\-pool\-ports \fIinteger\fR;
226 queryport\-pool\-updateinterval \fIinteger\fR;
227 cleaning\-interval \fIinteger\fR;
228 min\-roots \fIinteger\fR; // not implemented
229 lame\-ttl \fIinteger\fR;
230 max\-ncache\-ttl \fIinteger\fR;
231 max\-cache\-ttl \fIinteger\fR;
232 transfer\-format ( many\-answers | one\-answer );
233 max\-cache\-size \fIsize\fR;
234 max\-acache\-size \fIsize\fR;
235 clients\-per\-query \fInumber\fR;
236 max\-clients\-per\-query \fInumber\fR;
237 check\-names ( master | slave | response )
238 ( fail | warn | ignore );
239 check\-mx ( fail | warn | ignore );
240 check\-integrity \fIboolean\fR;
241 check\-mx\-cname ( fail | warn | ignore );
242 check\-srv\-cname ( fail | warn | ignore );
243 cache\-file \fIquoted_string\fR; // test option
244 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
245 preferred\-glue \fIstring\fR;
246 dual\-stack\-servers [ port \fIinteger\fR ] {
247 ( \fIquoted_string\fR [port \fIinteger\fR] |
248 \fIipv4_address\fR [port \fIinteger\fR] |
249 \fIipv6_address\fR [port \fIinteger\fR] ); ...
250 };
251 edns\-udp\-size \fIinteger\fR;
252 max\-udp\-size \fIinteger\fR;
253 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
254 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
255 dnssec\-enable \fIboolean\fR;
256 dnssec\-validation \fIboolean\fR;
257 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
258 dnssec\-lookaside ( \fIauto\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
259 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
260 dnssec\-accept\-expired \fIboolean\fR;
261 empty\-server \fIstring\fR;
262 empty\-contact \fIstring\fR;
263 empty\-zones\-enable \fIboolean\fR;
264 disable\-empty\-zone \fIstring\fR;
265 dialup \fIdialuptype\fR;
266 ixfr\-from\-differences \fIixfrdiff\fR;
267 allow\-query { \fIaddress_match_element\fR; ... };
268 allow\-query\-on { \fIaddress_match_element\fR; ... };
269 allow\-query\-cache { \fIaddress_match_element\fR; ... };
270 allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
271 allow\-transfer { \fIaddress_match_element\fR; ... };
272 allow\-update { \fIaddress_match_element\fR; ... };
273 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
274 update\-check\-ksk \fIboolean\fR;
275 dnssec\-dnskey\-kskonly \fIboolean\fR;
276 masterfile\-format ( text | raw );
277 notify \fInotifytype\fR;
278 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
279 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
280 notify\-delay \fIseconds\fR;
281 notify\-to\-soa \fIboolean\fR;
282 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
283 [ port \fIinteger\fR ]; ... };
284 allow\-notify { \fIaddress_match_element\fR; ... };
285 forward ( first | only );
286 forwarders [ port \fIinteger\fR ] {
287 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
288 };
289 max\-journal\-size \fIsize_no_default\fR;
290 max\-transfer\-time\-in \fIinteger\fR;
291 max\-transfer\-time\-out \fIinteger\fR;
292 max\-transfer\-idle\-in \fIinteger\fR;
293 max\-transfer\-idle\-out \fIinteger\fR;
294 max\-retry\-time \fIinteger\fR;
295 min\-retry\-time \fIinteger\fR;
296 max\-refresh\-time \fIinteger\fR;
297 min\-refresh\-time \fIinteger\fR;
298 multi\-master \fIboolean\fR;
299 sig\-validity\-interval \fIinteger\fR;
300 sig\-re\-signing\-interval \fIinteger\fR;
301 sig\-signing\-nodes \fIinteger\fR;
302 sig\-signing\-signatures \fIinteger\fR;
303 sig\-signing\-type \fIinteger\fR;
304 transfer\-source ( \fIipv4_address\fR | * )
305 [ port ( \fIinteger\fR | * ) ];
306 transfer\-source\-v6 ( \fIipv6_address\fR | * )
307 [ port ( \fIinteger\fR | * ) ];
308 alt\-transfer\-source ( \fIipv4_address\fR | * )
309 [ port ( \fIinteger\fR | * ) ];
310 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
311 [ port ( \fIinteger\fR | * ) ];
312 use\-alt\-transfer\-source \fIboolean\fR;
313 zone\-statistics \fIboolean\fR;
314 key\-directory \fIquoted_string\fR;
315 auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBcreate\fR|\fBoff\fR;
316 try\-tcp\-refresh \fIboolean\fR;
317 zero\-no\-soa\-ttl \fIboolean\fR;
318 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
319 dnssec\-secure\-to\-insecure \fIboolean\fR;
320 deny\-answer\-addresses {
321 \fIaddress_match_list\fR
322 } [ except\-from { \fInamelist\fR } ];
323 deny\-answer\-aliases {
324 \fInamelist\fR
325 } [ except\-from { \fInamelist\fR } ];
326 nsec3\-test\-zone \fIboolean\fR; // testing only
327 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
328 deallocate\-on\-exit \fIboolean\fR; // obsolete
329 fake\-iquery \fIboolean\fR; // obsolete
330 fetch\-glue \fIboolean\fR; // obsolete
331 has\-old\-clients \fIboolean\fR; // obsolete
332 maintain\-ixfr\-base \fIboolean\fR; // obsolete
333 max\-ixfr\-log\-size \fIsize\fR; // obsolete
334 multiple\-cnames \fIboolean\fR; // obsolete
335 named\-xfer \fIquoted_string\fR; // obsolete
336 serial\-queries \fIinteger\fR; // obsolete
337 treat\-cr\-as\-space \fIboolean\fR; // obsolete
338 use\-id\-pool \fIboolean\fR; // obsolete
339 };
340 .fi
341 .RE
342 .SH "VIEW"
343 .sp
344 .RS 4
345 .nf
346 view \fIstring\fR \fIoptional_class\fR {
347 match\-clients { \fIaddress_match_element\fR; ... };
348 match\-destinations { \fIaddress_match_element\fR; ... };
349 match\-recursive\-only \fIboolean\fR;
350 key \fIstring\fR {
351 algorithm \fIstring\fR;
352 secret \fIstring\fR;
353 };
354 zone \fIstring\fR \fIoptional_class\fR {
355 ...
356 };
357 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
358 ...
359 };
360 trusted\-keys {
361 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
362 [...]
363 };
364 allow\-recursion { \fIaddress_match_element\fR; ... };
365 allow\-recursion\-on { \fIaddress_match_element\fR; ... };
366 sortlist { \fIaddress_match_element\fR; ... };
367 topology { \fIaddress_match_element\fR; ... }; // not implemented
368 auth\-nxdomain \fIboolean\fR; // default changed
369 minimal\-responses \fIboolean\fR;
370 recursion \fIboolean\fR;
371 rrset\-order {
372 [ class \fIstring\fR ] [ type \fIstring\fR ]
373 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
374 };
375 provide\-ixfr \fIboolean\fR;
376 request\-ixfr \fIboolean\fR;
377 rfc2308\-type1 \fIboolean\fR; // not yet implemented
378 additional\-from\-auth \fIboolean\fR;
379 additional\-from\-cache \fIboolean\fR;
380 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
381 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
382 use\-queryport\-pool \fIboolean\fR;
383 queryport\-pool\-ports \fIinteger\fR;
384 queryport\-pool\-updateinterval \fIinteger\fR;
385 cleaning\-interval \fIinteger\fR;
386 min\-roots \fIinteger\fR; // not implemented
387 lame\-ttl \fIinteger\fR;
388 max\-ncache\-ttl \fIinteger\fR;
389 max\-cache\-ttl \fIinteger\fR;
390 transfer\-format ( many\-answers | one\-answer );
391 max\-cache\-size \fIsize\fR;
392 max\-acache\-size \fIsize\fR;
393 clients\-per\-query \fInumber\fR;
394 max\-clients\-per\-query \fInumber\fR;
395 check\-names ( master | slave | response )
396 ( fail | warn | ignore );
397 check\-mx ( fail | warn | ignore );
398 check\-integrity \fIboolean\fR;
399 check\-mx\-cname ( fail | warn | ignore );
400 check\-srv\-cname ( fail | warn | ignore );
401 cache\-file \fIquoted_string\fR; // test option
402 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
403 preferred\-glue \fIstring\fR;
404 dual\-stack\-servers [ port \fIinteger\fR ] {
405 ( \fIquoted_string\fR [port \fIinteger\fR] |
406 \fIipv4_address\fR [port \fIinteger\fR] |
407 \fIipv6_address\fR [port \fIinteger\fR] ); ...
408 };
409 edns\-udp\-size \fIinteger\fR;
410 max\-udp\-size \fIinteger\fR;
411 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
412 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
413 dnssec\-enable \fIboolean\fR;
414 dnssec\-validation \fIboolean\fR;
415 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
416 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
417 dnssec\-accept\-expired \fIboolean\fR;
418 empty\-server \fIstring\fR;
419 empty\-contact \fIstring\fR;
420 empty\-zones\-enable \fIboolean\fR;
421 disable\-empty\-zone \fIstring\fR;
422 dialup \fIdialuptype\fR;
423 ixfr\-from\-differences \fIixfrdiff\fR;
424 allow\-query { \fIaddress_match_element\fR; ... };
425 allow\-query\-on { \fIaddress_match_element\fR; ... };
426 allow\-query\-cache { \fIaddress_match_element\fR; ... };
427 allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
428 allow\-transfer { \fIaddress_match_element\fR; ... };
429 allow\-update { \fIaddress_match_element\fR; ... };
430 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
431 update\-check\-ksk \fIboolean\fR;
432 dnssec\-dnskey\-kskonly \fIboolean\fR;
433 masterfile\-format ( text | raw );
434 notify \fInotifytype\fR;
435 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
436 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
437 notify\-delay \fIseconds\fR;
438 notify\-to\-soa \fIboolean\fR;
439 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
440 [ port \fIinteger\fR ]; ... };
441 allow\-notify { \fIaddress_match_element\fR; ... };
442 forward ( first | only );
443 forwarders [ port \fIinteger\fR ] {
444 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
445 };
446 max\-journal\-size \fIsize_no_default\fR;
447 max\-transfer\-time\-in \fIinteger\fR;
448 max\-transfer\-time\-out \fIinteger\fR;
449 max\-transfer\-idle\-in \fIinteger\fR;
450 max\-transfer\-idle\-out \fIinteger\fR;
451 max\-retry\-time \fIinteger\fR;
452 min\-retry\-time \fIinteger\fR;
453 max\-refresh\-time \fIinteger\fR;
454 min\-refresh\-time \fIinteger\fR;
455 multi\-master \fIboolean\fR;
456 sig\-validity\-interval \fIinteger\fR;
457 transfer\-source ( \fIipv4_address\fR | * )
458 [ port ( \fIinteger\fR | * ) ];
459 transfer\-source\-v6 ( \fIipv6_address\fR | * )
460 [ port ( \fIinteger\fR | * ) ];
461 alt\-transfer\-source ( \fIipv4_address\fR | * )
462 [ port ( \fIinteger\fR | * ) ];
463 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
464 [ port ( \fIinteger\fR | * ) ];
465 use\-alt\-transfer\-source \fIboolean\fR;
466 zone\-statistics \fIboolean\fR;
467 try\-tcp\-refresh \fIboolean\fR;
468 key\-directory \fIquoted_string\fR;
469 zero\-no\-soa\-ttl \fIboolean\fR;
470 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
471 dnssec\-secure\-to\-insecure \fIboolean\fR;
472 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
473 fetch\-glue \fIboolean\fR; // obsolete
474 maintain\-ixfr\-base \fIboolean\fR; // obsolete
475 max\-ixfr\-log\-size \fIsize\fR; // obsolete
476 };
477 .fi
478 .RE
479 .SH "ZONE"
480 .sp
481 .RS 4
482 .nf
483 zone \fIstring\fR \fIoptional_class\fR {
484 type ( master | slave | stub | hint |
485 forward | delegation\-only );
486 file \fIquoted_string\fR;
487 masters [ port \fIinteger\fR ] {
488 ( \fImasters\fR |
489 \fIipv4_address\fR [port \fIinteger\fR] |
490 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
491 };
492 database \fIstring\fR;
493 delegation\-only \fIboolean\fR;
494 check\-names ( fail | warn | ignore );
495 check\-mx ( fail | warn | ignore );
496 check\-integrity \fIboolean\fR;
497 check\-mx\-cname ( fail | warn | ignore );
498 check\-srv\-cname ( fail | warn | ignore );
499 dialup \fIdialuptype\fR;
500 ixfr\-from\-differences \fIboolean\fR;
501 journal \fIquoted_string\fR;
502 zero\-no\-soa\-ttl \fIboolean\fR;
503 dnssec\-secure\-to\-insecure \fIboolean\fR;
504 allow\-query { \fIaddress_match_element\fR; ... };
505 allow\-query\-on { \fIaddress_match_element\fR; ... };
506 allow\-transfer { \fIaddress_match_element\fR; ... };
507 allow\-update { \fIaddress_match_element\fR; ... };
508 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
509 update\-policy \fIlocal\fR | \fI {
510 ( grant | deny ) \fR\fI\fIstring\fR\fR\fI
511 ( name | subdomain | wildcard | self | selfsub | selfwild |
512 krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
513 tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI
514 \fR\fI\fIrrtypelist\fR\fR\fI;
515 \fR\fI[...]\fR\fI
516 }\fR;
517 update\-check\-ksk \fIboolean\fR;
518 dnssec\-dnskey\-kskonly \fIboolean\fR;
519 masterfile\-format ( text | raw );
520 notify \fInotifytype\fR;
521 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
522 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
523 notify\-delay \fIseconds\fR;
524 notify\-to\-soa \fIboolean\fR;
525 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
526 [ port \fIinteger\fR ]; ... };
527 allow\-notify { \fIaddress_match_element\fR; ... };
528 forward ( first | only );
529 forwarders [ port \fIinteger\fR ] {
530 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
531 };
532 max\-journal\-size \fIsize_no_default\fR;
533 max\-transfer\-time\-in \fIinteger\fR;
534 max\-transfer\-time\-out \fIinteger\fR;
535 max\-transfer\-idle\-in \fIinteger\fR;
536 max\-transfer\-idle\-out \fIinteger\fR;
537 max\-retry\-time \fIinteger\fR;
538 min\-retry\-time \fIinteger\fR;
539 max\-refresh\-time \fIinteger\fR;
540 min\-refresh\-time \fIinteger\fR;
541 multi\-master \fIboolean\fR;
542 sig\-validity\-interval \fIinteger\fR;
543 transfer\-source ( \fIipv4_address\fR | * )
544 [ port ( \fIinteger\fR | * ) ];
545 transfer\-source\-v6 ( \fIipv6_address\fR | * )
546 [ port ( \fIinteger\fR | * ) ];
547 alt\-transfer\-source ( \fIipv4_address\fR | * )
548 [ port ( \fIinteger\fR | * ) ];
549 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
550 [ port ( \fIinteger\fR | * ) ];
551 use\-alt\-transfer\-source \fIboolean\fR;
552 zone\-statistics \fIboolean\fR;
553 try\-tcp\-refresh \fIboolean\fR;
554 key\-directory \fIquoted_string\fR;
555 nsec3\-test\-zone \fIboolean\fR; // testing only
556 ixfr\-base \fIquoted_string\fR; // obsolete
557 ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
558 maintain\-ixfr\-base \fIboolean\fR; // obsolete
559 max\-ixfr\-log\-size \fIsize\fR; // obsolete
560 pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
561 };
562 .fi
563 .RE
564 .SH "FILES"
565 .PP
566 \fI/etc/named.conf\fR
567 .SH "SEE ALSO"
568 .PP
569 \fBnamed\fR(8),
570 \fBnamed\-checkconf\fR(8),
571 \fBrndc\fR(8),
572 BIND 9 Administrator Reference Manual.
573 .SH "COPYRIGHT"
574 Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
575 .br