named.conf.html revision aa6c5a3e331958d3c92c2facdbd2b8daa55b5959
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - Permission to use, copy, modify, and/or distribute this software for any
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - purpose with or without fee is hereby granted, provided that the above
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - copyright notice and this permission notice appear in all copies.
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek - PERFORMANCE OF THIS SOFTWARE.
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<a name="id2476282"></a><div class="titlepage"></div>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<p><code class="filename">named.conf</code> — configuration file for <span><strong class="command">named</strong></span></p>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<a name="id2543376"></a><h2>DESCRIPTION</h2>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<p><code class="filename">named.conf</code> is the configuration file
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek <span><strong class="command">named</strong></span>. Statements are enclosed
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek in braces and terminated with a semi-colon. Clauses in
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek the statements are also semi-colon terminated. The usual
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek comment styles are supported:
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek C++ style: // to end of line
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek Unix style: # to end of line
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<a name="id2543403"></a><h2>ACL</h2>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<div class="literallayout"><p><br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmekacl�<em class="replaceable"><code>string</code></em>�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};<br>
9365b048c0c9f62ef7f696216ba049e6b4c2f2e5Lennart Poetteringkey�<em class="replaceable"><code>domain_name</code></em>�{<br>
9365b048c0c9f62ef7f696216ba049e6b4c2f2e5Lennart Poettering algorithm�<em class="replaceable"><code>string</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek secret�<em class="replaceable"><code>string</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmekmasters�<em class="replaceable"><code>string</code></em>�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
ea021cc3ea7082786e764734bb344eebbd6f2caaLennart Poettering (�<em class="replaceable"><code>masters</code></em>�|�<em class="replaceable"><code>ipv4_address</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�|<br>
ea021cc3ea7082786e764734bb344eebbd6f2caaLennart Poettering <em class="replaceable"><code>ipv6_address</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�)�[<span class="optional">�key�<em class="replaceable"><code>string</code></em>�</span>];�...<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<a name="id2543484"></a><h2>SERVER</h2>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek<div class="literallayout"><p><br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmekserver�(�<em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em>�|�<em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em>�)�{<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek bogus�<em class="replaceable"><code>boolean</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek edns�<em class="replaceable"><code>boolean</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek edns-udp-size�<em class="replaceable"><code>integer</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek max-udp-size�<em class="replaceable"><code>integer</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek tcp-only�<em class="replaceable"><code>boolean</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek provide-ixfr�<em class="replaceable"><code>boolean</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek request-ixfr�<em class="replaceable"><code>boolean</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek keys�<em class="replaceable"><code>server_key</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek transfers�<em class="replaceable"><code>integer</code></em>;<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek transfer-format�(�many-answers�|�one-answer�);<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek transfer-source�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek [<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek transfer-source-v6�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)<br>
3fde5f30bda2a70d97f3dc8fa918e42e1c07cc2cLennart Poettering [<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
d868475ad62547f0a034dfaf038aff31b3d05372Zbigniew Jędrzejewski-Szmek support-ixfr�<em class="replaceable"><code>boolean</code></em>;�//�obsolete<br>
<em class="replaceable"><code>domain_name</code></em>�<em class="replaceable"><code>flags</code></em>�<em class="replaceable"><code>protocol</code></em>�<em class="replaceable"><code>algorithm</code></em>�<em class="replaceable"><code>key</code></em>;�...<br>
<em class="replaceable"><code>domain_name</code></em>�<code class="constant">initial-key</code>�<em class="replaceable"><code>flags</code></em>�<em class="replaceable"><code>protocol</code></em>�<em class="replaceable"><code>algorithm</code></em>�<em class="replaceable"><code>key</code></em>;�...<br>
inet�(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>]<br>
[<span class="optional">�keys�{�<em class="replaceable"><code>string</code></em>;�...�}�</span>];<br>
category�<em class="replaceable"><code>string</code></em>�{�<em class="replaceable"><code>string</code></em>;�...�};<br>
listen-on�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�)�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>];�...<br>
view�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>optional_class</code></em>;<br>
listen-on�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};<br>
listen-on-v6�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};<br>
tkey-dhkey�<em class="replaceable"><code>quoted_string</code></em>�<em class="replaceable"><code>integer</code></em>;<br>
topology�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};�//�not�implemented<br>
[<span class="optional">�class�<em class="replaceable"><code>string</code></em>�</span>]�[<span class="optional">�type�<em class="replaceable"><code>string</code></em>�</span>]<br>
[<span class="optional">�name�<em class="replaceable"><code>quoted_string</code></em>�</span>]�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>string</code></em>;�...<br>
query-source�(�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)�|�[<span class="optional">�address�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)�</span>]�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
query-source-v6�(�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)�|�[<span class="optional">�address�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)�</span>]�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
suppress-initial-notify�<em class="replaceable"><code>boolean</code></em>;�//�not�yet�implemented<br>
dual-stack-servers�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
(�<em class="replaceable"><code>quoted_string</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�|<br>
<em class="replaceable"><code>ipv4_address</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�|<br>
<em class="replaceable"><code>ipv6_address</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�);�...<br>
root-delegation-only�[<span class="optional">�exclude�{�<em class="replaceable"><code>quoted_string</code></em>;�...�}�</span>];<br>
disable-algorithms�<em class="replaceable"><code>string</code></em>�{�<em class="replaceable"><code>string</code></em>;�...�};<br>
disable-ds-digests�<em class="replaceable"><code>string</code></em>�{�<em class="replaceable"><code>string</code></em>;�...�};<br>
dnssec-lookaside�(�<em class="replaceable"><code>auto</code></em>�|�<em class="replaceable"><code>no</code></em>�|�<em class="replaceable"><code>domain</code></em>�trust-anchor�<em class="replaceable"><code>domain</code></em>�);<br>
dnssec-must-be-secure�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>boolean</code></em>;<br>
allow-update-forwarding�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};<br>
notify-source�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
notify-source-v6�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
also-notify�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{�(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�)<br>
forwarders�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�)�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>];�...<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
auto-dnssec�<code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
cookie-algorithm�(�<em class="replaceable"><code>aes</code></em>�|�<em class="replaceable"><code>sha1</code></em>�|�<em class="replaceable"><code>sha256</code></em>�);<br>
}�[<span class="optional">�except-from�{�<em class="replaceable"><code>namelist</code></em>�}�</span>];<br>
}�[<span class="optional">�except-from�{�<em class="replaceable"><code>namelist</code></em>�}�</span>];<br>
allow-v6-synthesis�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};�//�obsolete<br>
view�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>optional_class</code></em>�{<br>
zone�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>optional_class</code></em>�{<br>
server�(�<em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em>�|�<em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em>�)�{<br>
<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>integer</code></em>�<em class="replaceable"><code>integer</code></em>�<em class="replaceable"><code>integer</code></em>�<em class="replaceable"><code>quoted_string</code></em>;<br>
topology�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};�//�not�implemented<br>
[<span class="optional">�class�<em class="replaceable"><code>string</code></em>�</span>]�[<span class="optional">�type�<em class="replaceable"><code>string</code></em>�</span>]<br>
[<span class="optional">�name�<em class="replaceable"><code>quoted_string</code></em>�</span>]�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>string</code></em>;�...<br>
query-source�(�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)�|�[<span class="optional">�address�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)�</span>]�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
query-source-v6�(�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)�|�[<span class="optional">�address�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)�</span>]�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
suppress-initial-notify�<em class="replaceable"><code>boolean</code></em>;�//�not�yet�implemented<br>
dual-stack-servers�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
(�<em class="replaceable"><code>quoted_string</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�|<br>
<em class="replaceable"><code>ipv4_address</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�|<br>
<em class="replaceable"><code>ipv6_address</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�);�...<br>
root-delegation-only�[<span class="optional">�exclude�{�<em class="replaceable"><code>quoted_string</code></em>;�...�}�</span>];<br>
disable-algorithms�<em class="replaceable"><code>string</code></em>�{�<em class="replaceable"><code>string</code></em>;�...�};<br>
disable-ds-digests�<em class="replaceable"><code>string</code></em>�{�<em class="replaceable"><code>string</code></em>;�...�};<br>
dnssec-lookaside�(�<em class="replaceable"><code>auto</code></em>�|�<em class="replaceable"><code>no</code></em>�|�<em class="replaceable"><code>domain</code></em>�trust-anchor�<em class="replaceable"><code>domain</code></em>�);<br>
dnssec-must-be-secure�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>boolean</code></em>;<br>
allow-update-forwarding�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};<br>
notify-source�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
notify-source-v6�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
also-notify�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{�(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�)<br>
forwarders�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�)�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>];�...<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
allow-v6-synthesis�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};�//�obsolete<br>
zone�<em class="replaceable"><code>string</code></em>�<em class="replaceable"><code>optional_class</code></em>�{<br>
masters�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
<em class="replaceable"><code>ipv4_address</code></em>�[<span class="optional">port�<em class="replaceable"><code>integer</code></em></span>]�|<br>
<em class="replaceable"><code>ipv6_address</code></em>�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�)�[<span class="optional">�key�<em class="replaceable"><code>string</code></em>�</span>];�...<br>
allow-update-forwarding�{�<em class="replaceable"><code>address_match_element</code></em>;�...�};<br>
update-policy�<em class="replaceable"><code>local</code></em>�|�<em class="replaceable"><code>�{<br>
notify-source�(�<em class="replaceable"><code>ipv4_address</code></em>�|�*�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
notify-source-v6�(�<em class="replaceable"><code>ipv6_address</code></em>�|�*�)�[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
also-notify�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{�(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�)<br>
forwarders�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>]�{<br>
(�<em class="replaceable"><code>ipv4_address</code></em>�|�<em class="replaceable"><code>ipv6_address</code></em>�)�[<span class="optional">�port�<em class="replaceable"><code>integer</code></em>�</span>];�...<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>
[<span class="optional">�port�(�<em class="replaceable"><code>integer</code></em>�|�*�)�</span>];<br>