bin/named/named.conf.docbook

	named.conf.docbook revision 2eeb74d1cf5355dd98f6d507a10086e16bb08c4b
2N/A<!--
2N/A - Copyright (C) 2004-2015  Internet Systems Consortium, Inc. ("ISC")
2N/A -
2N/A - Permission to use, copy, modify, and/or distribute this software for any
2N/A - purpose with or without fee is hereby granted, provided that the above
2N/A - copyright notice and this permission notice appear in all copies.
2N/A -
2N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2N/A - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
2N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
2N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
2N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2N/A - PERFORMANCE OF THIS SOFTWARE.
2N/A-->
2N/A
2N/A<!-- Converted by db4-upgrade version 1.0 -->
2N/A<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
2N/A  <info>
2N/A    <date>2014-01-08</date>
2N/A  </info>
2N/A  <refentryinfo>
2N/A    <corpname>ISC</corpname>
2N/A    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
2N/A  </refentryinfo>
2N/A
2N/A  <refmeta>
2N/A    <refentrytitle><filename>named.conf</filename></refentrytitle>
2N/A    <manvolnum>5</manvolnum>
2N/A    <refmiscinfo>BIND9</refmiscinfo>
2N/A  </refmeta>
2N/A
2N/A  <refnamediv>
2N/A    <refname><filename>named.conf</filename></refname>
2N/A    <refpurpose>configuration file for <command>named</command></refpurpose>
2N/A  </refnamediv>
2N/A
2N/A  <docinfo>
2N/A    <copyright>
2N/A      <year>2004</year>
2N/A      <year>2005</year>
2N/A      <year>2006</year>
2N/A      <year>2007</year>
2N/A      <year>2008</year>
2N/A      <year>2009</year>
2N/A      <year>2010</year>
2N/A      <year>2011</year>
2N/A      <year>2012</year>
2N/A      <year>2013</year>
2N/A      <year>2014</year>
2N/A      <year>2015</year>
2N/A      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
2N/A    </copyright>
2N/A  </docinfo>
2N/A
2N/A  <refsynopsisdiv>
2N/A    <cmdsynopsis sepchar=" ">
2N/A      <command>named.conf</command>
2N/A    </cmdsynopsis>
2N/A  </refsynopsisdiv>
2N/A
2N/A  <refsection><info><title>DESCRIPTION</title></info>
2N/A
2N/A    <para><filename>named.conf</filename> is the configuration file
2N/A      for
2N/A      <command>named</command>.  Statements are enclosed
2N/A      in braces and terminated with a semi-colon.  Clauses in
2N/A      the statements are also semi-colon terminated.  The usual
2N/A      comment styles are supported:
2N/A    </para>
2N/A    <para>
2N/A      C style: /* */
2N/A    </para>
2N/A    <para>
2N/A      C++ style: // to end of line
2N/A    </para>
2N/A    <para>
2N/A      Unix style: # to end of line
2N/A    </para>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>ACL</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Aacl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
2N/A
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>KEY</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Akey <replaceable>domain_name</replaceable> {
2N/A    algorithm <replaceable>string</replaceable>;
2N/A    secret <replaceable>string</replaceable>;
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>MASTERS</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Amasters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
2N/A    ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
2N/A    <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>SERVER</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Aserver ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
2N/A    bogus <replaceable>boolean</replaceable>;
2N/A    edns <replaceable>boolean</replaceable>;
2N/A    edns-udp-size <replaceable>integer</replaceable>;
2N/A    max-udp-size <replaceable>integer</replaceable>;
2N/A    tcp-only <replaceable>boolean</replaceable>;
2N/A    provide-ixfr <replaceable>boolean</replaceable>;
2N/A    request-ixfr <replaceable>boolean</replaceable>;
2N/A    keys <replaceable>server_key</replaceable>;
2N/A    transfers <replaceable>integer</replaceable>;
2N/A    transfer-format ( many-answers | one-answer );
2N/A    transfer-source ( <replaceable>ipv4_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A
2N/A    support-ixfr <replaceable>boolean</replaceable>; // obsolete
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>TRUSTED-KEYS</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Atrusted-keys {
2N/A    <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>MANAGED-KEYS</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Amanaged-keys {
2N/A    <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>CONTROLS</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Acontrols {
2N/A    inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
2N/A        allow { <replaceable>address_match_element</replaceable>; ... }
2N/A        <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
2N/A    unix <replaceable>unsupported</replaceable>; // not implemented
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>LOGGING</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Alogging {
2N/A    channel <replaceable>string</replaceable> {
2N/A        file <replaceable>log_file</replaceable>;
2N/A        syslog <replaceable>optional_facility</replaceable>;
2N/A        null;
2N/A        stderr;
2N/A        severity <replaceable>log_severity</replaceable>;
2N/A        print-time <replaceable>boolean</replaceable>;
2N/A        print-severity <replaceable>boolean</replaceable>;
2N/A        print-category <replaceable>boolean</replaceable>;
2N/A    };
2N/A    category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>LWRES</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Alwres {
2N/A    listen-on <optional> port <replaceable>integer</replaceable> </optional> {
2N/A        ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
2N/A    };
2N/A    view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
2N/A    search { <replaceable>string</replaceable>; ... };
2N/A    ndots <replaceable>integer</replaceable>;
2N/A    lwres-tasks <replaceable>integer</replaceable>;
2N/A    lwres-clients <replaceable>integer</replaceable>;
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>OPTIONS</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Aoptions {
2N/A    avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
2N/A    avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
2N/A    blackhole { <replaceable>address_match_element</replaceable>; ... };
2N/A    coresize <replaceable>size</replaceable>;
2N/A    datasize <replaceable>size</replaceable>;
2N/A    directory <replaceable>quoted_string</replaceable>;
2N/A    dump-file <replaceable>quoted_string</replaceable>;
2N/A    files <replaceable>size</replaceable>;
2N/A    heartbeat-interval <replaceable>integer</replaceable>;
2N/A    host-statistics <replaceable>boolean</replaceable>; // not implemented
2N/A    host-statistics-max <replaceable>number</replaceable>; // not implemented
2N/A    hostname ( <replaceable>quoted_string</replaceable> | none );
2N/A    interface-interval <replaceable>integer</replaceable>;
2N/A    keep-response-order { <replaceable>address_match_element</replaceable>; ... };
2N/A    listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
2N/A    listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
2N/A    match-mapped-addresses <replaceable>boolean</replaceable>;
2N/A    memstatistics-file <replaceable>quoted_string</replaceable>;
2N/A    pid-file ( <replaceable>quoted_string</replaceable> | none );
2N/A    port <replaceable>integer</replaceable>;
2N/A    querylog <replaceable>boolean</replaceable>;
2N/A    recursing-file <replaceable>quoted_string</replaceable>;
2N/A    reserved-sockets <replaceable>integer</replaceable>;
2N/A    random-device <replaceable>quoted_string</replaceable>;
2N/A    recursive-clients <replaceable>integer</replaceable>;
2N/A    serial-query-rate <replaceable>integer</replaceable>;
2N/A    server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
2N/A    stacksize <replaceable>size</replaceable>;
2N/A    statistics-file <replaceable>quoted_string</replaceable>;
2N/A    statistics-interval <replaceable>integer</replaceable>; // not yet implemented
2N/A    tcp-clients <replaceable>integer</replaceable>;
2N/A    tcp-listen-queue <replaceable>integer</replaceable>;
2N/A    tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
2N/A    tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
2N/A    tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
2N/A    tkey-domain <replaceable>quoted_string</replaceable>;
2N/A    transfers-per-ns <replaceable>integer</replaceable>;
2N/A    transfers-in <replaceable>integer</replaceable>;
2N/A    transfers-out <replaceable>integer</replaceable>;
2N/A    use-ixfr <replaceable>boolean</replaceable>;
2N/A    version ( <replaceable>quoted_string</replaceable> | none );
2N/A    allow-recursion { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
2N/A    sortlist { <replaceable>address_match_element</replaceable>; ... };
2N/A    topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
2N/A    auth-nxdomain <replaceable>boolean</replaceable>; // default changed
2N/A    minimal-responses <replaceable>boolean</replaceable>;
2N/A    recursion <replaceable>boolean</replaceable>;
2N/A    rrset-order {
2N/A        <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
2N/A        <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
2N/A    };
2N/A    provide-ixfr <replaceable>boolean</replaceable>;
2N/A    request-ixfr <replaceable>boolean</replaceable>;
2N/A    rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
2N/A    additional-from-auth <replaceable>boolean</replaceable>;
2N/A    additional-from-cache <replaceable>boolean</replaceable>;
2N/A    query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    use-queryport-pool <replaceable>boolean</replaceable>;
2N/A    queryport-pool-ports <replaceable>integer</replaceable>;
2N/A    queryport-pool-updateinterval <replaceable>integer</replaceable>;
2N/A    cleaning-interval <replaceable>integer</replaceable>;
2N/A    resolver-query-timeout <replaceable>integer</replaceable>;
2N/A    min-roots <replaceable>integer</replaceable>; // not implemented
2N/A    lame-ttl <replaceable>integer</replaceable>;
2N/A    max-ncache-ttl <replaceable>integer</replaceable>;
2N/A    max-cache-ttl <replaceable>integer</replaceable>;
2N/A    transfer-format ( many-answers | one-answer );
2N/A    max-cache-size <replaceable>size</replaceable>;
2N/A    max-acache-size <replaceable>size</replaceable>;
2N/A    clients-per-query <replaceable>number</replaceable>;
2N/A    max-clients-per-query <replaceable>number</replaceable>;
2N/A    check-names ( master | slave | response )
2N/A        ( fail | warn | ignore );
2N/A    check-mx ( fail | warn | ignore );
2N/A    check-integrity <replaceable>boolean</replaceable>;
2N/A    check-mx-cname ( fail | warn | ignore );
2N/A    check-srv-cname ( fail | warn | ignore );
2N/A    cache-file <replaceable>quoted_string</replaceable>; // test option
2N/A    suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
2N/A    preferred-glue <replaceable>string</replaceable>;
2N/A    dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
2N/A        ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
2N/A        <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
2N/A        <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
2N/A    };
2N/A    edns-udp-size <replaceable>integer</replaceable>;
2N/A    max-udp-size <replaceable>integer</replaceable>;
2N/A    root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
2N/A    disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
2N/A    disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
2N/A    dnssec-enable <replaceable>boolean</replaceable>;
2N/A    dnssec-validation <replaceable>boolean</replaceable>;
2N/A    dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
2N/A    dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
2N/A    dnssec-accept-expired <replaceable>boolean</replaceable>;
2N/A
2N/A    dns64-server <replaceable>string</replaceable>;
2N/A    dns64-contact <replaceable>string</replaceable>;
2N/A    dns64 <replaceable>prefix</replaceable> {
2N/A        clients { <replaceable>acl</replaceable>; };
2N/A        exclude { <replaceable>acl</replaceable>; };
2N/A        mapped { <replaceable>acl</replaceable>; };
2N/A        break-dnssec <replaceable>boolean</replaceable>;
2N/A        recursive-only <replaceable>boolean</replaceable>;
2N/A        suffix <replaceable>ipv6_address</replaceable>;
2N/A    };
2N/A
2N/A    empty-server <replaceable>string</replaceable>;
2N/A    empty-contact <replaceable>string</replaceable>;
2N/A    empty-zones-enable <replaceable>boolean</replaceable>;
2N/A    disable-empty-zone <replaceable>string</replaceable>;
2N/A
2N/A    dialup <replaceable>dialuptype</replaceable>;
2N/A    ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
2N/A
2N/A    allow-query { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-query-on { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-transfer { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-update { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
2N/A    update-check-ksk <replaceable>boolean</replaceable>;
2N/A    dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
2N/A
2N/A    masterfile-format ( text | raw | map );
2N/A    notify <replaceable>notifytype</replaceable>;
2N/A    notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    notify-delay <replaceable>seconds</replaceable>;
2N/A    notify-to-soa <replaceable>boolean</replaceable>;
2N/A    also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
2N/A        <optional> port <replaceable>integer</replaceable> </optional>; ...
2N/A        <optional> key <replaceable>keyname</replaceable> </optional> ... };
2N/A    allow-notify { <replaceable>address_match_element</replaceable>; ... };
2N/A
2N/A    forward ( first | only );
2N/A    forwarders <optional> port <replaceable>integer</replaceable> </optional> {
2N/A        ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
2N/A    };
2N/A
2N/A    max-journal-size <replaceable>size_no_default</replaceable>;
2N/A    max-transfer-time-in <replaceable>integer</replaceable>;
2N/A    max-transfer-time-out <replaceable>integer</replaceable>;
2N/A    max-transfer-idle-in <replaceable>integer</replaceable>;
2N/A    max-transfer-idle-out <replaceable>integer</replaceable>;
2N/A    max-retry-time <replaceable>integer</replaceable>;
2N/A    min-retry-time <replaceable>integer</replaceable>;
2N/A    max-refresh-time <replaceable>integer</replaceable>;
2N/A    min-refresh-time <replaceable>integer</replaceable>;
2N/A    multi-master <replaceable>boolean</replaceable>;
2N/A
2N/A    sig-validity-interval <replaceable>integer</replaceable>;
2N/A    sig-re-signing-interval <replaceable>integer</replaceable>;
2N/A    sig-signing-nodes <replaceable>integer</replaceable>;
2N/A    sig-signing-signatures <replaceable>integer</replaceable>;
2N/A    sig-signing-type <replaceable>integer</replaceable>;
2N/A
2N/A    transfer-source ( <replaceable>ipv4_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A
2N/A    alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    use-alt-transfer-source <replaceable>boolean</replaceable>;
2N/A
2N/A    zone-statistics <replaceable>boolean</replaceable>;
2N/A    key-directory <replaceable>quoted_string</replaceable>;
2N/A    managed-keys-directory <replaceable>quoted_string</replaceable>;
2N/A    auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
2N/A    try-tcp-refresh <replaceable>boolean</replaceable>;
2N/A    zero-no-soa-ttl <replaceable>boolean</replaceable>;
2N/A    zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
2N/A    dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
2N/A
2N/A    cookie-algorithm ( <replaceable>aes</replaceable> | <replaceable>sha1</replaceable> | <replaceable>sha256</replaceable> );
2N/A    cookie-secret <replaceable>string</replaceable>;
2N/A    require-server-cookie <replaceable>boolean</replaceable>;
2N/A    send-cookie <replaceable>boolean</replaceable>;
2N/A    nocookie-udp-size <replaceable>integer</replaceable>;
2N/A
2N/A    deny-answer-addresses {
2N/A        <replaceable>address_match_list</replaceable>
2N/A    } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
2N/A    deny-answer-aliases {
2N/A        <replaceable>namelist</replaceable>
2N/A    } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
2N/A
2N/A    nsec3-test-zone <replaceable>boolean</replaceable>;  // testing only
2N/A
2N/A    allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
2N/A    deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
2N/A    fake-iquery <replaceable>boolean</replaceable>; // obsolete
2N/A    fetch-glue <replaceable>boolean</replaceable>; // obsolete
2N/A    has-old-clients <replaceable>boolean</replaceable>; // obsolete
2N/A    maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
2N/A    max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
2N/A    multiple-cnames <replaceable>boolean</replaceable>; // obsolete
2N/A    named-xfer <replaceable>quoted_string</replaceable>; // obsolete
2N/A    serial-queries <replaceable>integer</replaceable>; // obsolete
2N/A    treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
2N/A    use-id-pool <replaceable>boolean</replaceable>; // obsolete
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>VIEW</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Aview <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
2N/A    match-clients { <replaceable>address_match_element</replaceable>; ... };
2N/A    match-destinations { <replaceable>address_match_element</replaceable>; ... };
2N/A    match-recursive-only <replaceable>boolean</replaceable>;
2N/A
2N/A    key <replaceable>string</replaceable> {
2N/A        algorithm <replaceable>string</replaceable>;
2N/A        secret <replaceable>string</replaceable>;
2N/A    };
2N/A
2N/A    zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
2N/A        ...
2N/A    };
2N/A
2N/A    server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
2N/A        ...
2N/A    };
2N/A
2N/A    trusted-keys {
2N/A        <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
2N/A        <optional>...</optional>
2N/A    };
2N/A
2N/A    allow-recursion { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
2N/A    sortlist { <replaceable>address_match_element</replaceable>; ... };
2N/A    topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
2N/A    auth-nxdomain <replaceable>boolean</replaceable>; // default changed
2N/A    minimal-responses <replaceable>boolean</replaceable>;
2N/A    recursion <replaceable>boolean</replaceable>;
2N/A    rrset-order {
2N/A        <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
2N/A        <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
2N/A    };
2N/A    provide-ixfr <replaceable>boolean</replaceable>;
2N/A    request-ixfr <replaceable>boolean</replaceable>;
2N/A    rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
2N/A    additional-from-auth <replaceable>boolean</replaceable>;
2N/A    additional-from-cache <replaceable>boolean</replaceable>;
2N/A    query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    use-queryport-pool <replaceable>boolean</replaceable>;
2N/A    queryport-pool-ports <replaceable>integer</replaceable>;
2N/A    queryport-pool-updateinterval <replaceable>integer</replaceable>;
2N/A    cleaning-interval <replaceable>integer</replaceable>;
2N/A    resolver-query-timeout <replaceable>integer</replaceable>;
2N/A    min-roots <replaceable>integer</replaceable>; // not implemented
2N/A    lame-ttl <replaceable>integer</replaceable>;
2N/A    max-ncache-ttl <replaceable>integer</replaceable>;
2N/A    max-cache-ttl <replaceable>integer</replaceable>;
2N/A    transfer-format ( many-answers | one-answer );
2N/A    max-cache-size <replaceable>size</replaceable>;
2N/A    max-acache-size <replaceable>size</replaceable>;
2N/A    clients-per-query <replaceable>number</replaceable>;
2N/A    max-clients-per-query <replaceable>number</replaceable>;
2N/A    check-names ( master | slave | response )
2N/A        ( fail | warn | ignore );
2N/A    check-mx ( fail | warn | ignore );
2N/A    check-integrity <replaceable>boolean</replaceable>;
2N/A    check-mx-cname ( fail | warn | ignore );
2N/A    check-srv-cname ( fail | warn | ignore );
2N/A    cache-file <replaceable>quoted_string</replaceable>; // test option
2N/A    suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
2N/A    preferred-glue <replaceable>string</replaceable>;
2N/A    dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
2N/A        ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
2N/A        <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
2N/A        <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
2N/A    };
2N/A    edns-udp-size <replaceable>integer</replaceable>;
2N/A    max-udp-size <replaceable>integer</replaceable>;
2N/A    root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
2N/A    disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
2N/A    disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
2N/A    dnssec-enable <replaceable>boolean</replaceable>;
2N/A    dnssec-validation <replaceable>boolean</replaceable>;
2N/A    dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
2N/A    dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
2N/A    dnssec-accept-expired <replaceable>boolean</replaceable>;
2N/A
2N/A    dns64-server <replaceable>string</replaceable>;
2N/A    dns64-contact <replaceable>string</replaceable>;
2N/A    dns64 <replaceable>prefix</replaceable> {
2N/A        clients { <replaceable>acl</replaceable>; };
2N/A        exclude { <replaceable>acl</replaceable>; };
2N/A        mapped { <replaceable>acl</replaceable>; };
2N/A        break-dnssec <replaceable>boolean</replaceable>;
2N/A        recursive-only <replaceable>boolean</replaceable>;
2N/A        suffix <replaceable>ipv6_address</replaceable>;
2N/A    };
2N/A
2N/A    empty-server <replaceable>string</replaceable>;
2N/A    empty-contact <replaceable>string</replaceable>;
2N/A    empty-zones-enable <replaceable>boolean</replaceable>;
2N/A    disable-empty-zone <replaceable>string</replaceable>;
2N/A
2N/A    dialup <replaceable>dialuptype</replaceable>;
2N/A    ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
2N/A
2N/A    allow-query { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-query-on { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-transfer { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-update { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
2N/A    update-check-ksk <replaceable>boolean</replaceable>;
2N/A    dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
2N/A
2N/A    masterfile-format ( text | raw | map );
2N/A    notify <replaceable>notifytype</replaceable>;
2N/A    notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    notify-delay <replaceable>seconds</replaceable>;
2N/A    notify-to-soa <replaceable>boolean</replaceable>;
2N/A    also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
2N/A        <optional> port <replaceable>integer</replaceable> </optional>; ...
2N/A        <optional> key <replaceable>keyname</replaceable> </optional> ... };
2N/A    allow-notify { <replaceable>address_match_element</replaceable>; ... };
2N/A
2N/A    forward ( first | only );
2N/A    forwarders <optional> port <replaceable>integer</replaceable> </optional> {
2N/A        ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
2N/A    };
2N/A
2N/A    max-journal-size <replaceable>size_no_default</replaceable>;
2N/A    max-transfer-time-in <replaceable>integer</replaceable>;
2N/A    max-transfer-time-out <replaceable>integer</replaceable>;
2N/A    max-transfer-idle-in <replaceable>integer</replaceable>;
2N/A    max-transfer-idle-out <replaceable>integer</replaceable>;
2N/A    max-retry-time <replaceable>integer</replaceable>;
2N/A    min-retry-time <replaceable>integer</replaceable>;
2N/A    max-refresh-time <replaceable>integer</replaceable>;
2N/A    min-refresh-time <replaceable>integer</replaceable>;
2N/A    multi-master <replaceable>boolean</replaceable>;
2N/A    sig-validity-interval <replaceable>integer</replaceable>;
2N/A
2N/A    transfer-source ( <replaceable>ipv4_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A
2N/A    alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    use-alt-transfer-source <replaceable>boolean</replaceable>;
2N/A
2N/A    zone-statistics <replaceable>boolean</replaceable>;
2N/A    try-tcp-refresh <replaceable>boolean</replaceable>;
2N/A    key-directory <replaceable>quoted_string</replaceable>;
2N/A    zero-no-soa-ttl <replaceable>boolean</replaceable>;
2N/A    zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
2N/A    dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
2N/A
2N/A    require-server-cookie <replaceable>boolean</replaceable>;
2N/A    send-cookie <replaceable>boolean</replaceable>;
2N/A    nocookie-udp-size <replaceable>integer</replaceable>;
2N/A
2N/A    allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
2N/A    fetch-glue <replaceable>boolean</replaceable>; // obsolete
2N/A    maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
2N/A    max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>ZONE</title></info>
2N/A
2N/A    <literallayout class="normal">
2N/Azone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
2N/A    type ( master | slave | stub | hint | redirect |
2N/A        forward | delegation-only );
2N/A    file <replaceable>quoted_string</replaceable>;
2N/A
2N/A    masters <optional> port <replaceable>integer</replaceable> </optional> {
2N/A        ( <replaceable>masters</replaceable> |
2N/A        <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
2N/A        <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
2N/A    };
2N/A
2N/A    database <replaceable>string</replaceable>;
2N/A    delegation-only <replaceable>boolean</replaceable>;
2N/A    check-names ( fail | warn | ignore );
2N/A    check-mx ( fail | warn | ignore );
2N/A    check-integrity <replaceable>boolean</replaceable>;
2N/A    check-mx-cname ( fail | warn | ignore );
2N/A    check-srv-cname ( fail | warn | ignore );
2N/A    dialup <replaceable>dialuptype</replaceable>;
2N/A    ixfr-from-differences <replaceable>boolean</replaceable>;
2N/A    journal <replaceable>quoted_string</replaceable>;
2N/A    zero-no-soa-ttl <replaceable>boolean</replaceable>;
2N/A    dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
2N/A
2N/A    allow-query { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-query-on { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-transfer { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-update { <replaceable>address_match_element</replaceable>; ... };
2N/A    allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
2N/A    update-policy <replaceable>local</replaceable> | <replaceable> {
2N/A        ( grant | deny ) <replaceable>string</replaceable>
2N/A        ( name | subdomain | wildcard | self | selfsub | selfwild |
2N/A          krb5-self | ms-self | krb5-subdomain | ms-subdomain |
2N/A          tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
2N/A        <replaceable>rrtypelist</replaceable>;
2N/A        <optional>...</optional>
2N/A    }</replaceable>;
2N/A    update-check-ksk <replaceable>boolean</replaceable>;
2N/A    dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
2N/A
2N/A    masterfile-format ( text | raw | map );
2N/A    notify <replaceable>notifytype</replaceable>;
2N/A    notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    notify-delay <replaceable>seconds</replaceable>;
2N/A    notify-to-soa <replaceable>boolean</replaceable>;
2N/A    also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
2N/A        <optional> port <replaceable>integer</replaceable> </optional>; ...
2N/A        <optional> key <replaceable>keyname</replaceable> </optional> ... };
2N/A    allow-notify { <replaceable>address_match_element</replaceable>; ... };
2N/A
2N/A    forward ( first | only );
2N/A    forwarders <optional> port <replaceable>integer</replaceable> </optional> {
2N/A        ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
2N/A    };
2N/A
2N/A    max-journal-size <replaceable>size_no_default</replaceable>;
2N/A    max-transfer-time-in <replaceable>integer</replaceable>;
2N/A    max-transfer-time-out <replaceable>integer</replaceable>;
2N/A    max-transfer-idle-in <replaceable>integer</replaceable>;
2N/A    max-transfer-idle-out <replaceable>integer</replaceable>;
2N/A    max-retry-time <replaceable>integer</replaceable>;
2N/A    min-retry-time <replaceable>integer</replaceable>;
2N/A    max-refresh-time <replaceable>integer</replaceable>;
2N/A    min-refresh-time <replaceable>integer</replaceable>;
2N/A    multi-master <replaceable>boolean</replaceable>;
2N/A    request-ixfr <replaceable>boolean</replaceable>;
2N/A    sig-validity-interval <replaceable>integer</replaceable>;
2N/A
2N/A    transfer-source ( <replaceable>ipv4_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A
2N/A    alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
2N/A        <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
2N/A    use-alt-transfer-source <replaceable>boolean</replaceable>;
2N/A
2N/A    zone-statistics <replaceable>boolean</replaceable>;
2N/A    try-tcp-refresh <replaceable>boolean</replaceable>;
2N/A    key-directory <replaceable>quoted_string</replaceable>;
2N/A
2N/A    nsec3-test-zone <replaceable>boolean</replaceable>;  // testing only
2N/A
2N/A    ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
2N/A    ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
2N/A    maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
2N/A    max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
2N/A    pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
2N/A};
2N/A</literallayout>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>FILES</title></info>
2N/A
2N/A    <para><filename>/etc/named.conf</filename>
2N/A    </para>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>SEE ALSO</title></info>
2N/A
2N/A    <para><citerefentry>
2N/A    <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
2N/A      </citerefentry>,
2N/A      <citerefentry>
2N/A    <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
2N/A      </citerefentry>,
2N/A      <citerefentry>
2N/A    <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
2N/A      </citerefentry>,
2N/A      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
2N/A    </para>
2N/A  </refsection>
2N/A
2N/A</refentry>
2N/A