| blob | 359b56d1dc6de2c484187650c9644a6d37a5f2ba |
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
4 <!--
5 - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
6 -
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
10 -
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
18 -->
20 <!-- Id: named.conf.docbook,v 1.44 2009/12/03 23:18:16 each Exp -->
21 <refentry>
22 <refentryinfo>
23 <date>Aug 13, 2004</date>
24 </refentryinfo>
26 <refmeta>
27 <refentrytitle><filename>named.conf</filename></refentrytitle>
28 <manvolnum>5</manvolnum>
29 <refmiscinfo>BIND9</refmiscinfo>
30 </refmeta>
32 <refnamediv>
33 <refname><filename>named.conf</filename></refname>
34 <refpurpose>configuration file for named</refpurpose>
35 </refnamediv>
37 <docinfo>
38 <copyright>
39 <year>2004</year>
40 <year>2005</year>
41 <year>2006</year>
42 <year>2007</year>
43 <year>2008</year>
44 <year>2009</year>
45 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
46 </copyright>
47 </docinfo>
49 <refsynopsisdiv>
50 <cmdsynopsis>
51 <command>named.conf</command>
52 </cmdsynopsis>
53 </refsynopsisdiv>
55 <refsect1>
56 <title>DESCRIPTION</title>
57 <para><filename>named.conf</filename> is the configuration file
58 for
59 <command>named</command>. Statements are enclosed
60 in braces and terminated with a semi-colon. Clauses in
61 the statements are also semi-colon terminated. The usual
62 comment styles are supported:
63 </para>
64 <para>
65 C style: /* */
66 </para>
67 <para>
68 C++ style: // to end of line
69 </para>
70 <para>
71 Unix style: # to end of line
72 </para>
73 </refsect1>
75 <refsect1>
76 <title>ACL</title>
77 <literallayout>
78 acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
80 </literallayout>
81 </refsect1>
83 <refsect1>
84 <title>KEY</title>
85 <literallayout>
86 key <replaceable>domain_name</replaceable> {
87 algorithm <replaceable>string</replaceable>;
88 secret <replaceable>string</replaceable>;
89 };
90 </literallayout>
91 </refsect1>
93 <refsect1>
94 <title>MASTERS</title>
95 <literallayout>
96 masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
97 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
98 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
99 };
100 </literallayout>
101 </refsect1>
103 <refsect1>
104 <title>SERVER</title>
105 <literallayout>
106 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
107 bogus <replaceable>boolean</replaceable>;
108 edns <replaceable>boolean</replaceable>;
109 edns-udp-size <replaceable>integer</replaceable>;
110 max-udp-size <replaceable>integer</replaceable>;
111 provide-ixfr <replaceable>boolean</replaceable>;
112 request-ixfr <replaceable>boolean</replaceable>;
113 keys <replaceable>server_key</replaceable>;
114 transfers <replaceable>integer</replaceable>;
115 transfer-format ( many-answers | one-answer );
116 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
117 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
118 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
119 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
121 support-ixfr <replaceable>boolean</replaceable>; // obsolete
122 };
123 </literallayout>
124 </refsect1>
126 <refsect1>
127 <title>TRUSTED-KEYS</title>
128 <literallayout>
129 trusted-keys {
130 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
131 };
132 </literallayout>
133 </refsect1>
135 <refsect1>
136 <title>MANAGED-KEYS</title>
137 <literallayout>
138 managed-keys {
139 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
140 };
141 </literallayout>
142 </refsect1>
144 <refsect1>
145 <title>CONTROLS</title>
146 <literallayout>
147 controls {
148 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
149 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
150 allow { <replaceable>address_match_element</replaceable>; ... }
151 <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
152 unix <replaceable>unsupported</replaceable>; // not implemented
153 };
154 </literallayout>
155 </refsect1>
157 <refsect1>
158 <title>LOGGING</title>
159 <literallayout>
160 logging {
161 channel <replaceable>string</replaceable> {
162 file <replaceable>log_file</replaceable>;
163 syslog <replaceable>optional_facility</replaceable>;
164 null;
165 stderr;
166 severity <replaceable>log_severity</replaceable>;
167 print-time <replaceable>boolean</replaceable>;
168 print-severity <replaceable>boolean</replaceable>;
169 print-category <replaceable>boolean</replaceable>;
170 };
171 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
172 };
173 </literallayout>
174 </refsect1>
176 <refsect1>
177 <title>LWRES</title>
178 <literallayout>
179 lwres {
180 listen-on <optional> port <replaceable>integer</replaceable> </optional> {
181 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
182 };
183 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
184 search { <replaceable>string</replaceable>; ... };
185 ndots <replaceable>integer</replaceable>;
186 };
187 </literallayout>
188 </refsect1>
190 <refsect1>
191 <title>OPTIONS</title>
192 <literallayout>
193 options {
194 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
195 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
196 blackhole { <replaceable>address_match_element</replaceable>; ... };
197 coresize <replaceable>size</replaceable>;
198 datasize <replaceable>size</replaceable>;
199 directory <replaceable>quoted_string</replaceable>;
200 dump-file <replaceable>quoted_string</replaceable>;
201 files <replaceable>size</replaceable>;
202 heartbeat-interval <replaceable>integer</replaceable>;
203 host-statistics <replaceable>boolean</replaceable>; // not implemented
204 host-statistics-max <replaceable>number</replaceable>; // not implemented
205 hostname ( <replaceable>quoted_string</replaceable> | none );
206 interface-interval <replaceable>integer</replaceable>;
207 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
208 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
209 match-mapped-addresses <replaceable>boolean</replaceable>;
210 memstatistics-file <replaceable>quoted_string</replaceable>;
211 pid-file ( <replaceable>quoted_string</replaceable> | none );
212 port <replaceable>integer</replaceable>;
213 querylog <replaceable>boolean</replaceable>;
214 recursing-file <replaceable>quoted_string</replaceable>;
215 reserved-sockets <replaceable>integer</replaceable>;
216 random-device <replaceable>quoted_string</replaceable>;
217 recursive-clients <replaceable>integer</replaceable>;
218 serial-query-rate <replaceable>integer</replaceable>;
219 server-id ( <replaceable>quoted_string</replaceable> | none );
220 stacksize <replaceable>size</replaceable>;
221 statistics-file <replaceable>quoted_string</replaceable>;
222 statistics-interval <replaceable>integer</replaceable>; // not yet implemented
223 tcp-clients <replaceable>integer</replaceable>;
224 tcp-listen-queue <replaceable>integer</replaceable>;
225 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
226 tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
227 tkey-domain <replaceable>quoted_string</replaceable>;
228 transfers-per-ns <replaceable>integer</replaceable>;
229 transfers-in <replaceable>integer</replaceable>;
230 transfers-out <replaceable>integer</replaceable>;
231 use-ixfr <replaceable>boolean</replaceable>;
232 version ( <replaceable>quoted_string</replaceable> | none );
233 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
234 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
235 sortlist { <replaceable>address_match_element</replaceable>; ... };
236 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
237 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
238 minimal-responses <replaceable>boolean</replaceable>;
239 recursion <replaceable>boolean</replaceable>;
240 rrset-order {
241 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
242 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
243 };
244 provide-ixfr <replaceable>boolean</replaceable>;
245 request-ixfr <replaceable>boolean</replaceable>;
246 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
247 additional-from-auth <replaceable>boolean</replaceable>;
248 additional-from-cache <replaceable>boolean</replaceable>;
249 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
250 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
251 use-queryport-pool <replaceable>boolean</replaceable>;
252 queryport-pool-ports <replaceable>integer</replaceable>;
253 queryport-pool-updateinterval <replaceable>integer</replaceable>;
254 cleaning-interval <replaceable>integer</replaceable>;
255 min-roots <replaceable>integer</replaceable>; // not implemented
256 lame-ttl <replaceable>integer</replaceable>;
257 max-ncache-ttl <replaceable>integer</replaceable>;
258 max-cache-ttl <replaceable>integer</replaceable>;
259 transfer-format ( many-answers | one-answer );
260 max-cache-size <replaceable>size</replaceable>;
261 max-acache-size <replaceable>size</replaceable>;
262 clients-per-query <replaceable>number</replaceable>;
263 max-clients-per-query <replaceable>number</replaceable>;
264 check-names ( master | slave | response )
265 ( fail | warn | ignore );
266 check-mx ( fail | warn | ignore );
267 check-integrity <replaceable>boolean</replaceable>;
268 check-mx-cname ( fail | warn | ignore );
269 check-srv-cname ( fail | warn | ignore );
270 cache-file <replaceable>quoted_string</replaceable>; // test option
271 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
272 preferred-glue <replaceable>string</replaceable>;
273 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
274 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
275 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
276 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
277 };
278 edns-udp-size <replaceable>integer</replaceable>;
279 max-udp-size <replaceable>integer</replaceable>;
280 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
281 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
282 dnssec-enable <replaceable>boolean</replaceable>;
283 dnssec-validation <replaceable>boolean</replaceable>;
284 dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
285 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
286 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
287 dnssec-accept-expired <replaceable>boolean</replaceable>;
289 empty-server <replaceable>string</replaceable>;
290 empty-contact <replaceable>string</replaceable>;
291 empty-zones-enable <replaceable>boolean</replaceable>;
292 disable-empty-zone <replaceable>string</replaceable>;
294 dialup <replaceable>dialuptype</replaceable>;
295 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
297 allow-query { <replaceable>address_match_element</replaceable>; ... };
298 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
299 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
300 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
301 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
302 allow-update { <replaceable>address_match_element</replaceable>; ... };
303 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
304 update-check-ksk <replaceable>boolean</replaceable>;
305 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
307 masterfile-format ( text | raw );
308 notify <replaceable>notifytype</replaceable>;
309 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
310 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
311 notify-delay <replaceable>seconds</replaceable>;
312 notify-to-soa <replaceable>boolean</replaceable>;
313 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
314 <optional> port <replaceable>integer</replaceable> </optional>; ... };
315 allow-notify { <replaceable>address_match_element</replaceable>; ... };
317 forward ( first | only );
318 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
319 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
320 };
322 max-journal-size <replaceable>size_no_default</replaceable>;
323 max-transfer-time-in <replaceable>integer</replaceable>;
324 max-transfer-time-out <replaceable>integer</replaceable>;
325 max-transfer-idle-in <replaceable>integer</replaceable>;
326 max-transfer-idle-out <replaceable>integer</replaceable>;
327 max-retry-time <replaceable>integer</replaceable>;
328 min-retry-time <replaceable>integer</replaceable>;
329 max-refresh-time <replaceable>integer</replaceable>;
330 min-refresh-time <replaceable>integer</replaceable>;
331 multi-master <replaceable>boolean</replaceable>;
333 sig-validity-interval <replaceable>integer</replaceable>;
334 sig-re-signing-interval <replaceable>integer</replaceable>;
335 sig-signing-nodes <replaceable>integer</replaceable>;
336 sig-signing-signatures <replaceable>integer</replaceable>;
337 sig-signing-type <replaceable>integer</replaceable>;
339 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
340 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
341 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
342 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
344 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
345 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
346 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
347 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
348 use-alt-transfer-source <replaceable>boolean</replaceable>;
350 zone-statistics <replaceable>boolean</replaceable>;
351 key-directory <replaceable>quoted_string</replaceable>;
352 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>;
353 try-tcp-refresh <replaceable>boolean</replaceable>;
354 zero-no-soa-ttl <replaceable>boolean</replaceable>;
355 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
356 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
357 deny-answer-addresses {
358 <replaceable>address_match_list</replaceable>
359 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
360 deny-answer-aliases {
361 <replaceable>namelist</replaceable>
362 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
364 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
366 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
367 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
368 fake-iquery <replaceable>boolean</replaceable>; // obsolete
369 fetch-glue <replaceable>boolean</replaceable>; // obsolete
370 has-old-clients <replaceable>boolean</replaceable>; // obsolete
371 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
372 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
373 multiple-cnames <replaceable>boolean</replaceable>; // obsolete
374 named-xfer <replaceable>quoted_string</replaceable>; // obsolete
375 serial-queries <replaceable>integer</replaceable>; // obsolete
376 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
377 use-id-pool <replaceable>boolean</replaceable>; // obsolete
378 };
379 </literallayout>
380 </refsect1>
382 <refsect1>
383 <title>VIEW</title>
384 <literallayout>
385 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
386 match-clients { <replaceable>address_match_element</replaceable>; ... };
387 match-destinations { <replaceable>address_match_element</replaceable>; ... };
388 match-recursive-only <replaceable>boolean</replaceable>;
390 key <replaceable>string</replaceable> {
391 algorithm <replaceable>string</replaceable>;
392 secret <replaceable>string</replaceable>;
393 };
395 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
396 ...
397 };
399 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
400 ...
401 };
403 trusted-keys {
404 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
405 <optional>...</optional>
406 };
408 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
409 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
410 sortlist { <replaceable>address_match_element</replaceable>; ... };
411 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
412 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
413 minimal-responses <replaceable>boolean</replaceable>;
414 recursion <replaceable>boolean</replaceable>;
415 rrset-order {
416 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
417 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
418 };
419 provide-ixfr <replaceable>boolean</replaceable>;
420 request-ixfr <replaceable>boolean</replaceable>;
421 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
422 additional-from-auth <replaceable>boolean</replaceable>;
423 additional-from-cache <replaceable>boolean</replaceable>;
424 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
425 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
426 use-queryport-pool <replaceable>boolean</replaceable>;
427 queryport-pool-ports <replaceable>integer</replaceable>;
428 queryport-pool-updateinterval <replaceable>integer</replaceable>;
429 cleaning-interval <replaceable>integer</replaceable>;
430 min-roots <replaceable>integer</replaceable>; // not implemented
431 lame-ttl <replaceable>integer</replaceable>;
432 max-ncache-ttl <replaceable>integer</replaceable>;
433 max-cache-ttl <replaceable>integer</replaceable>;
434 transfer-format ( many-answers | one-answer );
435 max-cache-size <replaceable>size</replaceable>;
436 max-acache-size <replaceable>size</replaceable>;
437 clients-per-query <replaceable>number</replaceable>;
438 max-clients-per-query <replaceable>number</replaceable>;
439 check-names ( master | slave | response )
440 ( fail | warn | ignore );
441 check-mx ( fail | warn | ignore );
442 check-integrity <replaceable>boolean</replaceable>;
443 check-mx-cname ( fail | warn | ignore );
444 check-srv-cname ( fail | warn | ignore );
445 cache-file <replaceable>quoted_string</replaceable>; // test option
446 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
447 preferred-glue <replaceable>string</replaceable>;
448 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
449 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
450 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
451 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
452 };
453 edns-udp-size <replaceable>integer</replaceable>;
454 max-udp-size <replaceable>integer</replaceable>;
455 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
456 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
457 dnssec-enable <replaceable>boolean</replaceable>;
458 dnssec-validation <replaceable>boolean</replaceable>;
459 dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
460 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
461 dnssec-accept-expired <replaceable>boolean</replaceable>;
463 empty-server <replaceable>string</replaceable>;
464 empty-contact <replaceable>string</replaceable>;
465 empty-zones-enable <replaceable>boolean</replaceable>;
466 disable-empty-zone <replaceable>string</replaceable>;
468 dialup <replaceable>dialuptype</replaceable>;
469 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
471 allow-query { <replaceable>address_match_element</replaceable>; ... };
472 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
473 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
474 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
475 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
476 allow-update { <replaceable>address_match_element</replaceable>; ... };
477 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
478 update-check-ksk <replaceable>boolean</replaceable>;
479 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
481 masterfile-format ( text | raw );
482 notify <replaceable>notifytype</replaceable>;
483 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
484 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
485 notify-delay <replaceable>seconds</replaceable>;
486 notify-to-soa <replaceable>boolean</replaceable>;
487 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
488 <optional> port <replaceable>integer</replaceable> </optional>; ... };
489 allow-notify { <replaceable>address_match_element</replaceable>; ... };
491 forward ( first | only );
492 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
493 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
494 };
496 max-journal-size <replaceable>size_no_default</replaceable>;
497 max-transfer-time-in <replaceable>integer</replaceable>;
498 max-transfer-time-out <replaceable>integer</replaceable>;
499 max-transfer-idle-in <replaceable>integer</replaceable>;
500 max-transfer-idle-out <replaceable>integer</replaceable>;
501 max-retry-time <replaceable>integer</replaceable>;
502 min-retry-time <replaceable>integer</replaceable>;
503 max-refresh-time <replaceable>integer</replaceable>;
504 min-refresh-time <replaceable>integer</replaceable>;
505 multi-master <replaceable>boolean</replaceable>;
506 sig-validity-interval <replaceable>integer</replaceable>;
508 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
509 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
510 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
511 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
513 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
514 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
515 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
516 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
517 use-alt-transfer-source <replaceable>boolean</replaceable>;
519 zone-statistics <replaceable>boolean</replaceable>;
520 try-tcp-refresh <replaceable>boolean</replaceable>;
521 key-directory <replaceable>quoted_string</replaceable>;
522 zero-no-soa-ttl <replaceable>boolean</replaceable>;
523 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
524 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
526 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
527 fetch-glue <replaceable>boolean</replaceable>; // obsolete
528 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
529 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
530 };
531 </literallayout>
532 </refsect1>
534 <refsect1>
535 <title>ZONE</title>
536 <literallayout>
537 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
538 type ( master | slave | stub | hint |
539 forward | delegation-only );
540 file <replaceable>quoted_string</replaceable>;
542 masters <optional> port <replaceable>integer</replaceable> </optional> {
543 ( <replaceable>masters</replaceable> |
544 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
545 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
546 };
548 database <replaceable>string</replaceable>;
549 delegation-only <replaceable>boolean</replaceable>;
550 check-names ( fail | warn | ignore );
551 check-mx ( fail | warn | ignore );
552 check-integrity <replaceable>boolean</replaceable>;
553 check-mx-cname ( fail | warn | ignore );
554 check-srv-cname ( fail | warn | ignore );
555 dialup <replaceable>dialuptype</replaceable>;
556 ixfr-from-differences <replaceable>boolean</replaceable>;
557 journal <replaceable>quoted_string</replaceable>;
558 zero-no-soa-ttl <replaceable>boolean</replaceable>;
559 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
561 allow-query { <replaceable>address_match_element</replaceable>; ... };
562 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
563 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
564 allow-update { <replaceable>address_match_element</replaceable>; ... };
565 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
566 update-policy <replaceable>local</replaceable> | <replaceable> {
567 ( grant | deny ) <replaceable>string</replaceable>
568 ( name | subdomain | wildcard | self | selfsub | selfwild |
569 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
570 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
571 <replaceable>rrtypelist</replaceable>;
572 <optional>...</optional>
573 }</replaceable>;
574 update-check-ksk <replaceable>boolean</replaceable>;
575 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
577 masterfile-format ( text | raw );
578 notify <replaceable>notifytype</replaceable>;
579 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
580 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
581 notify-delay <replaceable>seconds</replaceable>;
582 notify-to-soa <replaceable>boolean</replaceable>;
583 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
584 <optional> port <replaceable>integer</replaceable> </optional>; ... };
585 allow-notify { <replaceable>address_match_element</replaceable>; ... };
587 forward ( first | only );
588 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
589 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
590 };
592 max-journal-size <replaceable>size_no_default</replaceable>;
593 max-transfer-time-in <replaceable>integer</replaceable>;
594 max-transfer-time-out <replaceable>integer</replaceable>;
595 max-transfer-idle-in <replaceable>integer</replaceable>;
596 max-transfer-idle-out <replaceable>integer</replaceable>;
597 max-retry-time <replaceable>integer</replaceable>;
598 min-retry-time <replaceable>integer</replaceable>;
599 max-refresh-time <replaceable>integer</replaceable>;
600 min-refresh-time <replaceable>integer</replaceable>;
601 multi-master <replaceable>boolean</replaceable>;
602 sig-validity-interval <replaceable>integer</replaceable>;
604 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
605 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
606 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
607 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
609 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
610 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
611 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
612 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
613 use-alt-transfer-source <replaceable>boolean</replaceable>;
615 zone-statistics <replaceable>boolean</replaceable>;
616 try-tcp-refresh <replaceable>boolean</replaceable>;
617 key-directory <replaceable>quoted_string</replaceable>;
619 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
621 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
622 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
623 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
624 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
625 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
626 };
627 </literallayout>
628 </refsect1>
630 <refsect1>
631 <title>FILES</title>
632 <para><filename>/etc/named.conf</filename>
633 </para>
634 </refsect1>
636 <refsect1>
637 <title>SEE ALSO</title>
638 <para><citerefentry>
639 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
640 </citerefentry>,
641 <citerefentry>
642 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
643 </citerefentry>,
644 <citerefentry>
645 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
646 </citerefentry>,
647 <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
648 </para>
649 </refsect1>
651 </refentry><!--
652 - Local variables:
653 - mode: sgml
654 - End:
655 -->