named.conf.docbook revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland<!--
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland - Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland -
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland - This Source Code Form is subject to the terms of the Mozilla Public
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland - License, v. 2.0. If a copy of the MPL was not distributed with this
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland - file, You can obtain one at http://mozilla.org/MPL/2.0/.
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland-->
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland<!-- Converted by db4-upgrade version 1.0 -->
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <date>2014-01-08</date>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refentryinfo>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <corpname>ISC</corpname>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refentryinfo>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refmeta>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refentrytitle><filename>named.conf</filename></refentrytitle>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <manvolnum>5</manvolnum>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refmiscinfo>BIND9</refmiscinfo>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refmeta>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refnamediv>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refname><filename>named.conf</filename></refname>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refpurpose>configuration file for <command>named</command></refpurpose>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refnamediv>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <docinfo>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <copyright>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2004</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2005</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2006</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2007</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2008</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2009</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2010</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2011</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2012</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2013</year>
40a3f5ceaf3ada360988c7cbb70c66f2d5588da4Tim Marsland <year>2014</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2015</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <year>2016</year>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </copyright>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </docinfo>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsynopsisdiv>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <cmdsynopsis sepchar=" ">
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe <command>named.conf</command>
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe </cmdsynopsis>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refsynopsisdiv>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsection><info><title>DESCRIPTION</title></info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <para><filename>named.conf</filename> is the configuration file
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland for
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <command>named</command>. Statements are enclosed
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland in braces and terminated with a semi-colon. Clauses in
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland the statements are also semi-colon terminated. The usual
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland comment styles are supported:
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </para>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <para>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland C style: /* */
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </para>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <para>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland C++ style: // to end of line
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </para>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <para>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland Unix style: # to end of line
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </para>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refsection>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsection><info><title>ACL</title></info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <literallayout class="normal">
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marslandacl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland</literallayout>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refsection>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsection><info><title>KEY</title></info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <literallayout class="normal">
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marslandkey <replaceable>domain_name</replaceable> {
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland algorithm <replaceable>string</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland secret <replaceable>string</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland};
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland</literallayout>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refsection>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsection><info><title>MASTERS</title></info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <literallayout class="normal">
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marslandmasters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland};
489b7c4ab76ae8df137fbfcc2214f7baa52883a0Raymond Chen</literallayout>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refsection>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsection><info><title>SERVER</title></info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <literallayout class="normal">
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marslandserver ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland bogus <replaceable>boolean</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland edns <replaceable>boolean</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland edns-udp-size <replaceable>integer</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland max-udp-size <replaceable>integer</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland tcp-only <replaceable>boolean</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland provide-ixfr <replaceable>boolean</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland request-ixfr <replaceable>boolean</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland keys <replaceable>server_key</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland transfers <replaceable>integer</replaceable>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland transfer-format ( many-answers | one-answer );
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland transfer-source ( <replaceable>ipv4_address</replaceable> | * )
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland support-ixfr <replaceable>boolean</replaceable>; // obsolete
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland};
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland</literallayout>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refsection>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsection><info><title>TRUSTED-KEYS</title></info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <literallayout class="normal">
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marslandtrusted-keys {
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland};
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland</literallayout>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland </refsection>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <refsection><info><title>MANAGED-KEYS</title></info>
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <literallayout class="normal">
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marslandmanaged-keys {
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland};
de81e71e031139a0a7f13b7bf64152c3faa76698Tim Marsland</literallayout>
</refsection>
<refsection><info><title>CONTROLS</title></info>
<literallayout class="normal">
controls {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
allow { <replaceable>address_match_element</replaceable>; ... }
<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
unix <replaceable>unsupported</replaceable>; // not implemented
};
</literallayout>
</refsection>
<refsection><info><title>LOGGING</title></info>
<literallayout class="normal">
logging {
channel <replaceable>string</replaceable> {
file <replaceable>log_file</replaceable>;
syslog <replaceable>optional_facility</replaceable>;
null;
stderr;
severity <replaceable>log_severity</replaceable>;
print-time <replaceable>boolean</replaceable>;
print-severity <replaceable>boolean</replaceable>;
print-category <replaceable>boolean</replaceable>;
};
category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
};
</literallayout>
</refsection>
<refsection><info><title>LWRES</title></info>
<literallayout class="normal">
lwres {
listen-on <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
};
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
search { <replaceable>string</replaceable>; ... };
ndots <replaceable>integer</replaceable>;
lwres-tasks <replaceable>integer</replaceable>;
lwres-clients <replaceable>integer</replaceable>;
};
</literallayout>
</refsection>
<refsection><info><title>OPTIONS</title></info>
<literallayout class="normal">
options {
avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
blackhole { <replaceable>address_match_element</replaceable>; ... };
coresize <replaceable>size</replaceable>;
datasize <replaceable>size</replaceable>;
directory <replaceable>quoted_string</replaceable>;
dump-file <replaceable>quoted_string</replaceable>;
files <replaceable>size</replaceable>;
heartbeat-interval <replaceable>integer</replaceable>;
host-statistics <replaceable>boolean</replaceable>; // not implemented
host-statistics-max <replaceable>number</replaceable>; // not implemented
hostname ( <replaceable>quoted_string</replaceable> | none );
interface-interval <replaceable>integer</replaceable>;
keep-response-order { <replaceable>address_match_element</replaceable>; ... };
listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
match-mapped-addresses <replaceable>boolean</replaceable>;
memstatistics-file <replaceable>quoted_string</replaceable>;
pid-file ( <replaceable>quoted_string</replaceable> | none );
port <replaceable>integer</replaceable>;
querylog <replaceable>boolean</replaceable>;
recursing-file <replaceable>quoted_string</replaceable>;
reserved-sockets <replaceable>integer</replaceable>;
random-device <replaceable>quoted_string</replaceable>;
recursive-clients <replaceable>integer</replaceable>;
serial-query-rate <replaceable>integer</replaceable>;
server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
stacksize <replaceable>size</replaceable>;
statistics-file <replaceable>quoted_string</replaceable>;
statistics-interval <replaceable>integer</replaceable>; // not yet implemented
tcp-clients <replaceable>integer</replaceable>;
tcp-listen-queue <replaceable>integer</replaceable>;
tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
tkey-domain <replaceable>quoted_string</replaceable>;
transfer-message-size <replaceable>integer</replaceable>;
transfers-per-ns <replaceable>integer</replaceable>;
transfers-in <replaceable>integer</replaceable>;
transfers-out <replaceable>integer</replaceable>;
version ( <replaceable>quoted_string</replaceable> | none );
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
sortlist { <replaceable>address_match_element</replaceable>; ... };
topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
minimal-any <replaceable>boolean</replaceable>;
minimal-responses <replaceable>boolean</replaceable>;
recursion <replaceable>boolean</replaceable>;
rrset-order {
<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
};
provide-ixfr <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-queryport-pool <replaceable>boolean</replaceable>;
queryport-pool-ports <replaceable>integer</replaceable>;
queryport-pool-updateinterval <replaceable>integer</replaceable>;
cleaning-interval <replaceable>integer</replaceable>;
resolver-query-timeout <replaceable>integer</replaceable>;
min-roots <replaceable>integer</replaceable>; // not implemented
lame-ttl <replaceable>integer</replaceable>;
max-ncache-ttl <replaceable>integer</replaceable>;
max-cache-ttl <replaceable>integer</replaceable>;
transfer-format ( many-answers | one-answer );
max-cache-size <replaceable>size</replaceable>;
max-acache-size <replaceable>size</replaceable>;
clients-per-query <replaceable>number</replaceable>;
max-clients-per-query <replaceable>number</replaceable>;
check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file <replaceable>quoted_string</replaceable>; // test option
catalog-zones {
zone <replaceable>quoted_string</replaceable>
<optional> default-masters
<optional>port <replaceable>ip_port</replaceable></optional>
<optional>dscp <replaceable>ip_dscp</replaceable></optional>
{ ( <replaceable>masters_list</replaceable> | <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }</optional>
<optional>in-memory <replaceable>yes_or_no</replaceable></optional>
<optional>min-update-interval <replaceable>interval</replaceable></optional>
; ... };
;
suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
preferred-glue <replaceable>string</replaceable>;
dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
};
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
dnssec-enable <replaceable>boolean</replaceable>;
dnssec-validation <replaceable>boolean</replaceable>;
dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
dnssec-accept-expired <replaceable>boolean</replaceable>;
dns64-server <replaceable>string</replaceable>;
dns64-contact <replaceable>string</replaceable>;
dns64 <replaceable>prefix</replaceable> {
clients { <replaceable>acl</replaceable>; };
exclude { <replaceable>acl</replaceable>; };
mapped { <replaceable>acl</replaceable>; };
break-dnssec <replaceable>boolean</replaceable>;
recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>;
};
empty-server <replaceable>string</replaceable>;
empty-contact <replaceable>string</replaceable>;
empty-zones-enable <replaceable>boolean</replaceable>;
disable-empty-zone <replaceable>string</replaceable>;
dialup <replaceable>dialuptype</replaceable>;
ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
update-check-ksk <replaceable>boolean</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
masterfile-format ( text | raw | map );
notify <replaceable>notifytype</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-delay <replaceable>seconds</replaceable>;
notify-to-soa <replaceable>boolean</replaceable>;
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
<optional> port <replaceable>integer</replaceable> </optional>; ...
<optional> key <replaceable>keyname</replaceable> </optional> ... };
allow-notify { <replaceable>address_match_element</replaceable>; ... };
forward ( first | only );
forwarders <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
};
max-journal-size <replaceable>size_no_default</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
sig-validity-interval <replaceable>integer</replaceable>;
sig-re-signing-interval <replaceable>integer</replaceable>;
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
zone-statistics <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
managed-keys-directory <replaceable>quoted_string</replaceable>;
auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
try-tcp-refresh <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
automatic-interface-scan <replaceable>boolean</replaceable>;
cookie-algorithm ( <replaceable>aes</replaceable> | <replaceable>sha1</replaceable> | <replaceable>sha256</replaceable> );
cookie-secret <replaceable>string</replaceable>;
require-server-cookie <replaceable>boolean</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
nocookie-udp-size <replaceable>integer</replaceable>;
deny-answer-addresses {
<replaceable>address_match_list</replaceable>
} <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
deny-answer-aliases {
<replaceable>namelist</replaceable>
} <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
fake-iquery <replaceable>boolean</replaceable>; // obsolete
fetch-glue <replaceable>boolean</replaceable>; // obsolete
has-old-clients <replaceable>boolean</replaceable>; // obsolete
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
multiple-cnames <replaceable>boolean</replaceable>; // obsolete
named-xfer <replaceable>quoted_string</replaceable>; // obsolete
serial-queries <replaceable>integer</replaceable>; // obsolete
treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
use-id-pool <replaceable>boolean</replaceable>; // obsolete
use-ixfr <replaceable>boolean</replaceable>; // obsolete
};
</literallayout>
</refsection>
<refsection><info><title>VIEW</title></info>
<literallayout class="normal">
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
match-clients { <replaceable>address_match_element</replaceable>; ... };
match-destinations { <replaceable>address_match_element</replaceable>; ... };
match-recursive-only <replaceable>boolean</replaceable>;
key <replaceable>string</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
...
};
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
...
};
trusted-keys {
<replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
<optional>...</optional>
};
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
sortlist { <replaceable>address_match_element</replaceable>; ... };
topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
minimal-any <replaceable>boolean</replaceable>;
minimal-responses <replaceable>boolean</replaceable>;
recursion <replaceable>boolean</replaceable>;
rrset-order {
<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
};
provide-ixfr <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-queryport-pool <replaceable>boolean</replaceable>;
queryport-pool-ports <replaceable>integer</replaceable>;
queryport-pool-updateinterval <replaceable>integer</replaceable>;
cleaning-interval <replaceable>integer</replaceable>;
resolver-query-timeout <replaceable>integer</replaceable>;
min-roots <replaceable>integer</replaceable>; // not implemented
lame-ttl <replaceable>integer</replaceable>;
max-ncache-ttl <replaceable>integer</replaceable>;
max-cache-ttl <replaceable>integer</replaceable>;
transfer-format ( many-answers | one-answer );
max-cache-size <replaceable>size</replaceable>;
max-acache-size <replaceable>size</replaceable>;
clients-per-query <replaceable>number</replaceable>;
max-clients-per-query <replaceable>number</replaceable>;
check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file <replaceable>quoted_string</replaceable>; // test option
suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
preferred-glue <replaceable>string</replaceable>;
dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
};
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
dnssec-enable <replaceable>boolean</replaceable>;
dnssec-validation <replaceable>boolean</replaceable>;
dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
dnssec-accept-expired <replaceable>boolean</replaceable>;
dns64-server <replaceable>string</replaceable>;
dns64-contact <replaceable>string</replaceable>;
dns64 <replaceable>prefix</replaceable> {
clients { <replaceable>acl</replaceable>; };
exclude { <replaceable>acl</replaceable>; };
mapped { <replaceable>acl</replaceable>; };
break-dnssec <replaceable>boolean</replaceable>;
recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>;
};
empty-server <replaceable>string</replaceable>;
empty-contact <replaceable>string</replaceable>;
empty-zones-enable <replaceable>boolean</replaceable>;
disable-empty-zone <replaceable>string</replaceable>;
dialup <replaceable>dialuptype</replaceable>;
ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
update-check-ksk <replaceable>boolean</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
masterfile-format ( text | raw | map );
notify <replaceable>notifytype</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-delay <replaceable>seconds</replaceable>;
notify-to-soa <replaceable>boolean</replaceable>;
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
<optional> port <replaceable>integer</replaceable> </optional>; ...
<optional> key <replaceable>keyname</replaceable> </optional> ... };
allow-notify { <replaceable>address_match_element</replaceable>; ... };
forward ( first | only );
forwarders <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
};
max-journal-size <replaceable>size_no_default</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
sig-validity-interval <replaceable>integer</replaceable>;
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
zone-statistics <replaceable>boolean</replaceable>;
try-tcp-refresh <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
require-server-cookie <replaceable>boolean</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
nocookie-udp-size <replaceable>integer</replaceable>;
allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
fetch-glue <replaceable>boolean</replaceable>; // obsolete
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
};
</literallayout>
</refsection>
<refsection><info><title>ZONE</title></info>
<literallayout class="normal">
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
type ( master | slave | stub | hint | redirect |
forward | delegation-only );
file <replaceable>quoted_string</replaceable>;
masters <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>masters</replaceable> |
<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
};
database <replaceable>string</replaceable>;
delegation-only <replaceable>boolean</replaceable>;
check-names ( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
dialup <replaceable>dialuptype</replaceable>;
ixfr-from-differences <replaceable>boolean</replaceable>;
journal <replaceable>quoted_string</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
update-policy <replaceable>local</replaceable> | <replaceable> {
( grant | deny ) <replaceable>string</replaceable>
( name | subdomain | wildcard | self | selfsub | selfwild |
krb5-self | ms-self | krb5-subdomain | ms-subdomain |
tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
<replaceable>rrtypelist</replaceable>;
<optional>...</optional>
}</replaceable>;
update-check-ksk <replaceable>boolean</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
masterfile-format ( text | raw | map );
notify <replaceable>notifytype</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-delay <replaceable>seconds</replaceable>;
notify-to-soa <replaceable>boolean</replaceable>;
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
<optional> port <replaceable>integer</replaceable> </optional>; ...
<optional> key <replaceable>keyname</replaceable> </optional> ... };
allow-notify { <replaceable>address_match_element</replaceable>; ... };
forward ( first | only );
forwarders <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
};
max-journal-size <replaceable>size_no_default</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
sig-validity-interval <replaceable>integer</replaceable>;
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
zone-statistics <replaceable>boolean</replaceable>;
try-tcp-refresh <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
};
</literallayout>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/named.conf</filename>
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsection>
</refentry>