1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") 6 - 7 - Permission to use, copy, modify, and/or distribute this software for any 8 - purpose with or without fee is hereby granted, provided that the above 9 - copyright notice and this permission notice appear in all copies. 10 - 11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 - PERFORMANCE OF THIS SOFTWARE. 18--> 19 20<refentry> 21 <refentryinfo> 22 <date>January 08, 2014</date> 23 </refentryinfo> 24 25 <refmeta> 26 <refentrytitle><filename>named.conf</filename></refentrytitle> 27 <manvolnum>5</manvolnum> 28 <refmiscinfo>BIND9</refmiscinfo> 29 </refmeta> 30 31 <refnamediv> 32 <refname><filename>named.conf</filename></refname> 33 <refpurpose>configuration file for named</refpurpose> 34 </refnamediv> 35 36 <docinfo> 37 <copyright> 38 <year>2004</year> 39 <year>2005</year> 40 <year>2006</year> 41 <year>2007</year> 42 <year>2008</year> 43 <year>2009</year> 44 <year>2010</year> 45 <year>2011</year> 46 <year>2012</year> 47 <year>2013</year> 48 <year>2014</year> 49 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 50 </copyright> 51 </docinfo> 52 53 <refsynopsisdiv> 54 <cmdsynopsis> 55 <command>named.conf</command> 56 </cmdsynopsis> 57 </refsynopsisdiv> 58 59 <refsect1> 60 <title>DESCRIPTION</title> 61 <para><filename>named.conf</filename> is the configuration file 62 for 63 <command>named</command>. Statements are enclosed 64 in braces and terminated with a semi-colon. Clauses in 65 the statements are also semi-colon terminated. The usual 66 comment styles are supported: 67 </para> 68 <para> 69 C style: /* */ 70 </para> 71 <para> 72 C++ style: // to end of line 73 </para> 74 <para> 75 Unix style: # to end of line 76 </para> 77 </refsect1> 78 79 <refsect1> 80 <title>ACL</title> 81 <literallayout> 82acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... }; 83 84</literallayout> 85 </refsect1> 86 87 <refsect1> 88 <title>KEY</title> 89 <literallayout> 90key <replaceable>domain_name</replaceable> { 91 algorithm <replaceable>string</replaceable>; 92 secret <replaceable>string</replaceable>; 93}; 94</literallayout> 95 </refsect1> 96 97 <refsect1> 98 <title>MASTERS</title> 99 <literallayout> 100masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> { 101 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 102 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... 103}; 104</literallayout> 105 </refsect1> 106 107 <refsect1> 108 <title>SERVER</title> 109 <literallayout> 110server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { 111 bogus <replaceable>boolean</replaceable>; 112 edns <replaceable>boolean</replaceable>; 113 edns-udp-size <replaceable>integer</replaceable>; 114 max-udp-size <replaceable>integer</replaceable>; 115 provide-ixfr <replaceable>boolean</replaceable>; 116 request-ixfr <replaceable>boolean</replaceable>; 117 keys <replaceable>server_key</replaceable>; 118 transfers <replaceable>integer</replaceable>; 119 transfer-format ( many-answers | one-answer ); 120 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 121 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 122 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 123 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 124 125 support-ixfr <replaceable>boolean</replaceable>; // obsolete 126}; 127</literallayout> 128 </refsect1> 129 130 <refsect1> 131 <title>TRUSTED-KEYS</title> 132 <literallayout> 133trusted-keys { 134 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 135}; 136</literallayout> 137 </refsect1> 138 139 <refsect1> 140 <title>MANAGED-KEYS</title> 141 <literallayout> 142managed-keys { 143 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 144}; 145</literallayout> 146 </refsect1> 147 148 <refsect1> 149 <title>CONTROLS</title> 150 <literallayout> 151controls { 152 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * ) 153 <optional> port ( <replaceable>integer</replaceable> | * ) </optional> 154 allow { <replaceable>address_match_element</replaceable>; ... } 155 <optional> keys { <replaceable>string</replaceable>; ... } </optional>; 156 unix <replaceable>unsupported</replaceable>; // not implemented 157}; 158</literallayout> 159 </refsect1> 160 161 <refsect1> 162 <title>LOGGING</title> 163 <literallayout> 164logging { 165 channel <replaceable>string</replaceable> { 166 file <replaceable>log_file</replaceable>; 167 syslog <replaceable>optional_facility</replaceable>; 168 null; 169 stderr; 170 severity <replaceable>log_severity</replaceable>; 171 print-time <replaceable>boolean</replaceable>; 172 print-severity <replaceable>boolean</replaceable>; 173 print-category <replaceable>boolean</replaceable>; 174 }; 175 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 176}; 177</literallayout> 178 </refsect1> 179 180 <refsect1> 181 <title>LWRES</title> 182 <literallayout> 183lwres { 184 listen-on <optional> port <replaceable>integer</replaceable> </optional> { 185 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 186 }; 187 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>; 188 search { <replaceable>string</replaceable>; ... }; 189 ndots <replaceable>integer</replaceable>; 190}; 191</literallayout> 192 </refsect1> 193 194 <refsect1> 195 <title>OPTIONS</title> 196 <literallayout> 197options { 198 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... }; 199 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... }; 200 blackhole { <replaceable>address_match_element</replaceable>; ... }; 201 coresize <replaceable>size</replaceable>; 202 datasize <replaceable>size</replaceable>; 203 directory <replaceable>quoted_string</replaceable>; 204 dump-file <replaceable>quoted_string</replaceable>; 205 files <replaceable>size</replaceable>; 206 heartbeat-interval <replaceable>integer</replaceable>; 207 host-statistics <replaceable>boolean</replaceable>; // not implemented 208 host-statistics-max <replaceable>number</replaceable>; // not implemented 209 hostname ( <replaceable>quoted_string</replaceable> | none ); 210 interface-interval <replaceable>integer</replaceable>; 211 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; 212 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; 213 match-mapped-addresses <replaceable>boolean</replaceable>; 214 memstatistics-file <replaceable>quoted_string</replaceable>; 215 pid-file ( <replaceable>quoted_string</replaceable> | none ); 216 port <replaceable>integer</replaceable>; 217 querylog <replaceable>boolean</replaceable>; 218 recursing-file <replaceable>quoted_string</replaceable>; 219 reserved-sockets <replaceable>integer</replaceable>; 220 random-device <replaceable>quoted_string</replaceable>; 221 recursive-clients <replaceable>integer</replaceable>; 222 serial-query-rate <replaceable>integer</replaceable>; 223 server-id ( <replaceable>quoted_string</replaceable> | hostname | none ); 224 stacksize <replaceable>size</replaceable>; 225 statistics-file <replaceable>quoted_string</replaceable>; 226 statistics-interval <replaceable>integer</replaceable>; // not yet implemented 227 tcp-clients <replaceable>integer</replaceable>; 228 tcp-listen-queue <replaceable>integer</replaceable>; 229 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>; 230 tkey-gssapi-credential <replaceable>quoted_string</replaceable>; 231 tkey-gssapi-keytab <replaceable>quoted_string</replaceable>; 232 tkey-domain <replaceable>quoted_string</replaceable>; 233 transfers-per-ns <replaceable>integer</replaceable>; 234 transfers-in <replaceable>integer</replaceable>; 235 transfers-out <replaceable>integer</replaceable>; 236 use-ixfr <replaceable>boolean</replaceable>; 237 version ( <replaceable>quoted_string</replaceable> | none ); 238 allow-recursion { <replaceable>address_match_element</replaceable>; ... }; 239 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; 240 sortlist { <replaceable>address_match_element</replaceable>; ... }; 241 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented 242 auth-nxdomain <replaceable>boolean</replaceable>; // default changed 243 minimal-responses <replaceable>boolean</replaceable>; 244 recursion <replaceable>boolean</replaceable>; 245 rrset-order { 246 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> 247 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... 248 }; 249 provide-ixfr <replaceable>boolean</replaceable>; 250 request-ixfr <replaceable>boolean</replaceable>; 251 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented 252 additional-from-auth <replaceable>boolean</replaceable>; 253 additional-from-cache <replaceable>boolean</replaceable>; 254 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 255 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 256 use-queryport-pool <replaceable>boolean</replaceable>; 257 queryport-pool-ports <replaceable>integer</replaceable>; 258 queryport-pool-updateinterval <replaceable>integer</replaceable>; 259 cleaning-interval <replaceable>integer</replaceable>; 260 resolver-query-timeout <replaceable>integer</replaceable>; 261 min-roots <replaceable>integer</replaceable>; // not implemented 262 lame-ttl <replaceable>integer</replaceable>; 263 max-ncache-ttl <replaceable>integer</replaceable>; 264 max-cache-ttl <replaceable>integer</replaceable>; 265 transfer-format ( many-answers | one-answer ); 266 max-cache-size <replaceable>size</replaceable>; 267 max-acache-size <replaceable>size</replaceable>; 268 clients-per-query <replaceable>number</replaceable>; 269 max-clients-per-query <replaceable>number</replaceable>; 270 check-names ( master | slave | response ) 271 ( fail | warn | ignore ); 272 check-mx ( fail | warn | ignore ); 273 check-integrity <replaceable>boolean</replaceable>; 274 check-mx-cname ( fail | warn | ignore ); 275 check-srv-cname ( fail | warn | ignore ); 276 cache-file <replaceable>quoted_string</replaceable>; // test option 277 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented 278 preferred-glue <replaceable>string</replaceable>; 279 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { 280 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 281 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 282 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... 283 }; 284 edns-udp-size <replaceable>integer</replaceable>; 285 max-udp-size <replaceable>integer</replaceable>; 286 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; 287 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 288 disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 289 dnssec-enable <replaceable>boolean</replaceable>; 290 dnssec-validation <replaceable>boolean</replaceable>; 291 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); 292 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; 293 dnssec-accept-expired <replaceable>boolean</replaceable>; 294 295 dns64-server <replaceable>string</replaceable>; 296 dns64-contact <replaceable>string</replaceable>; 297 dns64 <replaceable>prefix</replaceable> { 298 clients { <replacable>acl</replacable>; }; 299 exclude { <replacable>acl</replacable>; }; 300 mapped { <replacable>acl</replacable>; }; 301 break-dnssec <replaceable>boolean</replaceable>; 302 recursive-only <replaceable>boolean</replaceable>; 303 suffix <replaceable>ipv6_address</replaceable>; 304 }; 305 306 empty-server <replaceable>string</replaceable>; 307 empty-contact <replaceable>string</replaceable>; 308 empty-zones-enable <replaceable>boolean</replaceable>; 309 disable-empty-zone <replaceable>string</replaceable>; 310 311 dialup <replaceable>dialuptype</replaceable>; 312 ixfr-from-differences <replaceable>ixfrdiff</replaceable>; 313 314 allow-query { <replaceable>address_match_element</replaceable>; ... }; 315 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 316 allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; 317 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; 318 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 319 allow-update { <replaceable>address_match_element</replaceable>; ... }; 320 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 321 update-check-ksk <replaceable>boolean</replaceable>; 322 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 323 324 masterfile-format ( text | raw | map ); 325 notify <replaceable>notifytype</replaceable>; 326 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 327 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 328 notify-delay <replaceable>seconds</replaceable>; 329 notify-to-soa <replaceable>boolean</replaceable>; 330 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 331 <optional> port <replaceable>integer</replaceable> </optional>; ... 332 <optional> key <replaceable>keyname</replaceable> </optional> ... }; 333 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 334 335 forward ( first | only ); 336 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 337 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 338 }; 339 340 max-journal-size <replaceable>size_no_default</replaceable>; 341 max-transfer-time-in <replaceable>integer</replaceable>; 342 max-transfer-time-out <replaceable>integer</replaceable>; 343 max-transfer-idle-in <replaceable>integer</replaceable>; 344 max-transfer-idle-out <replaceable>integer</replaceable>; 345 max-retry-time <replaceable>integer</replaceable>; 346 min-retry-time <replaceable>integer</replaceable>; 347 max-refresh-time <replaceable>integer</replaceable>; 348 min-refresh-time <replaceable>integer</replaceable>; 349 multi-master <replaceable>boolean</replaceable>; 350 351 sig-validity-interval <replaceable>integer</replaceable>; 352 sig-re-signing-interval <replaceable>integer</replaceable>; 353 sig-signing-nodes <replaceable>integer</replaceable>; 354 sig-signing-signatures <replaceable>integer</replaceable>; 355 sig-signing-type <replaceable>integer</replaceable>; 356 357 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 358 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 359 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 360 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 361 362 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 363 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 364 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 365 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 366 use-alt-transfer-source <replaceable>boolean</replaceable>; 367 368 zone-statistics <replaceable>boolean</replaceable>; 369 key-directory <replaceable>quoted_string</replaceable>; 370 managed-keys-directory <replaceable>quoted_string</replaceable>; 371 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; 372 try-tcp-refresh <replaceable>boolean</replaceable>; 373 zero-no-soa-ttl <replaceable>boolean</replaceable>; 374 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; 375 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 376 deny-answer-addresses { 377 <replaceable>address_match_list</replaceable> 378 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; 379 deny-answer-aliases { 380 <replaceable>namelist</replaceable> 381 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; 382 383 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only 384 385 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete 386 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete 387 fake-iquery <replaceable>boolean</replaceable>; // obsolete 388 fetch-glue <replaceable>boolean</replaceable>; // obsolete 389 has-old-clients <replaceable>boolean</replaceable>; // obsolete 390 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 391 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 392 multiple-cnames <replaceable>boolean</replaceable>; // obsolete 393 named-xfer <replaceable>quoted_string</replaceable>; // obsolete 394 serial-queries <replaceable>integer</replaceable>; // obsolete 395 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete 396 use-id-pool <replaceable>boolean</replaceable>; // obsolete 397}; 398</literallayout> 399 </refsect1> 400 401 <refsect1> 402 <title>VIEW</title> 403 <literallayout> 404view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 405 match-clients { <replaceable>address_match_element</replaceable>; ... }; 406 match-destinations { <replaceable>address_match_element</replaceable>; ... }; 407 match-recursive-only <replaceable>boolean</replaceable>; 408 409 key <replaceable>string</replaceable> { 410 algorithm <replaceable>string</replaceable>; 411 secret <replaceable>string</replaceable>; 412 }; 413 414 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 415 ... 416 }; 417 418 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { 419 ... 420 }; 421 422 trusted-keys { 423 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; 424 <optional>...</optional> 425 }; 426 427 allow-recursion { <replaceable>address_match_element</replaceable>; ... }; 428 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; 429 sortlist { <replaceable>address_match_element</replaceable>; ... }; 430 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented 431 auth-nxdomain <replaceable>boolean</replaceable>; // default changed 432 minimal-responses <replaceable>boolean</replaceable>; 433 recursion <replaceable>boolean</replaceable>; 434 rrset-order { 435 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> 436 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... 437 }; 438 provide-ixfr <replaceable>boolean</replaceable>; 439 request-ixfr <replaceable>boolean</replaceable>; 440 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented 441 additional-from-auth <replaceable>boolean</replaceable>; 442 additional-from-cache <replaceable>boolean</replaceable>; 443 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 444 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 445 use-queryport-pool <replaceable>boolean</replaceable>; 446 queryport-pool-ports <replaceable>integer</replaceable>; 447 queryport-pool-updateinterval <replaceable>integer</replaceable>; 448 cleaning-interval <replaceable>integer</replaceable>; 449 resolver-query-timeout <replaceable>integer</replaceable>; 450 min-roots <replaceable>integer</replaceable>; // not implemented 451 lame-ttl <replaceable>integer</replaceable>; 452 max-ncache-ttl <replaceable>integer</replaceable>; 453 max-cache-ttl <replaceable>integer</replaceable>; 454 transfer-format ( many-answers | one-answer ); 455 max-cache-size <replaceable>size</replaceable>; 456 max-acache-size <replaceable>size</replaceable>; 457 clients-per-query <replaceable>number</replaceable>; 458 max-clients-per-query <replaceable>number</replaceable>; 459 check-names ( master | slave | response ) 460 ( fail | warn | ignore ); 461 check-mx ( fail | warn | ignore ); 462 check-integrity <replaceable>boolean</replaceable>; 463 check-mx-cname ( fail | warn | ignore ); 464 check-srv-cname ( fail | warn | ignore ); 465 cache-file <replaceable>quoted_string</replaceable>; // test option 466 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented 467 preferred-glue <replaceable>string</replaceable>; 468 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { 469 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 470 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 471 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... 472 }; 473 edns-udp-size <replaceable>integer</replaceable>; 474 max-udp-size <replaceable>integer</replaceable>; 475 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; 476 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 477 disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 478 dnssec-enable <replaceable>boolean</replaceable>; 479 dnssec-validation <replaceable>boolean</replaceable>; 480 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); 481 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; 482 dnssec-accept-expired <replaceable>boolean</replaceable>; 483 484 dns64-server <replaceable>string</replaceable>; 485 dns64-contact <replaceable>string</replaceable>; 486 dns64 <replaceable>prefix</replaceable> { 487 clients { <replacable>acl</replacable>; }; 488 exclude { <replacable>acl</replacable>; }; 489 mapped { <replacable>acl</replacable>; }; 490 break-dnssec <replaceable>boolean</replaceable>; 491 recursive-only <replaceable>boolean</replaceable>; 492 suffix <replaceable>ipv6_address</replaceable>; 493 }; 494 495 empty-server <replaceable>string</replaceable>; 496 empty-contact <replaceable>string</replaceable>; 497 empty-zones-enable <replaceable>boolean</replaceable>; 498 disable-empty-zone <replaceable>string</replaceable>; 499 500 dialup <replaceable>dialuptype</replaceable>; 501 ixfr-from-differences <replaceable>ixfrdiff</replaceable>; 502 503 allow-query { <replaceable>address_match_element</replaceable>; ... }; 504 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 505 allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; 506 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; 507 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 508 allow-update { <replaceable>address_match_element</replaceable>; ... }; 509 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 510 update-check-ksk <replaceable>boolean</replaceable>; 511 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 512 513 masterfile-format ( text | raw | map ); 514 notify <replaceable>notifytype</replaceable>; 515 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 516 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 517 notify-delay <replaceable>seconds</replaceable>; 518 notify-to-soa <replaceable>boolean</replaceable>; 519 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 520 <optional> port <replaceable>integer</replaceable> </optional>; ... 521 <optional> key <replaceable>keyname</replaceable> </optional> ... }; 522 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 523 524 forward ( first | only ); 525 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 526 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 527 }; 528 529 max-journal-size <replaceable>size_no_default</replaceable>; 530 max-transfer-time-in <replaceable>integer</replaceable>; 531 max-transfer-time-out <replaceable>integer</replaceable>; 532 max-transfer-idle-in <replaceable>integer</replaceable>; 533 max-transfer-idle-out <replaceable>integer</replaceable>; 534 max-retry-time <replaceable>integer</replaceable>; 535 min-retry-time <replaceable>integer</replaceable>; 536 max-refresh-time <replaceable>integer</replaceable>; 537 min-refresh-time <replaceable>integer</replaceable>; 538 multi-master <replaceable>boolean</replaceable>; 539 sig-validity-interval <replaceable>integer</replaceable>; 540 541 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 542 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 543 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 544 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 545 546 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 547 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 548 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 549 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 550 use-alt-transfer-source <replaceable>boolean</replaceable>; 551 552 zone-statistics <replaceable>boolean</replaceable>; 553 try-tcp-refresh <replaceable>boolean</replaceable>; 554 key-directory <replaceable>quoted_string</replaceable>; 555 zero-no-soa-ttl <replaceable>boolean</replaceable>; 556 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; 557 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 558 559 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete 560 fetch-glue <replaceable>boolean</replaceable>; // obsolete 561 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 562 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 563}; 564</literallayout> 565 </refsect1> 566 567 <refsect1> 568 <title>ZONE</title> 569 <literallayout> 570zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 571 type ( master | slave | stub | hint | redirect | 572 forward | delegation-only ); 573 file <replaceable>quoted_string</replaceable>; 574 575 masters <optional> port <replaceable>integer</replaceable> </optional> { 576 ( <replaceable>masters</replaceable> | 577 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 578 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... 579 }; 580 581 database <replaceable>string</replaceable>; 582 delegation-only <replaceable>boolean</replaceable>; 583 check-names ( fail | warn | ignore ); 584 check-mx ( fail | warn | ignore ); 585 check-integrity <replaceable>boolean</replaceable>; 586 check-mx-cname ( fail | warn | ignore ); 587 check-srv-cname ( fail | warn | ignore ); 588 dialup <replaceable>dialuptype</replaceable>; 589 ixfr-from-differences <replaceable>boolean</replaceable>; 590 journal <replaceable>quoted_string</replaceable>; 591 zero-no-soa-ttl <replaceable>boolean</replaceable>; 592 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 593 594 allow-query { <replaceable>address_match_element</replaceable>; ... }; 595 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 596 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 597 allow-update { <replaceable>address_match_element</replaceable>; ... }; 598 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 599 update-policy <replaceable>local</replaceable> | <replaceable> { 600 ( grant | deny ) <replaceable>string</replaceable> 601 ( name | subdomain | wildcard | self | selfsub | selfwild | 602 krb5-self | ms-self | krb5-subdomain | ms-subdomain | 603 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable> 604 <replaceable>rrtypelist</replaceable>; 605 <optional>...</optional> 606 }</replaceable>; 607 update-check-ksk <replaceable>boolean</replaceable>; 608 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 609 610 masterfile-format ( text | raw | map ); 611 notify <replaceable>notifytype</replaceable>; 612 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 613 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 614 notify-delay <replaceable>seconds</replaceable>; 615 notify-to-soa <replaceable>boolean</replaceable>; 616 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 617 <optional> port <replaceable>integer</replaceable> </optional>; ... 618 <optional> key <replaceable>keyname</replaceable> </optional> ... }; 619 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 620 621 forward ( first | only ); 622 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 623 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 624 }; 625 626 max-journal-size <replaceable>size_no_default</replaceable>; 627 max-transfer-time-in <replaceable>integer</replaceable>; 628 max-transfer-time-out <replaceable>integer</replaceable>; 629 max-transfer-idle-in <replaceable>integer</replaceable>; 630 max-transfer-idle-out <replaceable>integer</replaceable>; 631 max-retry-time <replaceable>integer</replaceable>; 632 min-retry-time <replaceable>integer</replaceable>; 633 max-refresh-time <replaceable>integer</replaceable>; 634 min-refresh-time <replaceable>integer</replaceable>; 635 multi-master <replaceable>boolean</replaceable>; 636 request-ixfr <replaceable>boolean</replaceable>; 637 sig-validity-interval <replaceable>integer</replaceable>; 638 639 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 640 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 641 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 642 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 643 644 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 645 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 646 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 647 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 648 use-alt-transfer-source <replaceable>boolean</replaceable>; 649 650 zone-statistics <replaceable>boolean</replaceable>; 651 try-tcp-refresh <replaceable>boolean</replaceable>; 652 key-directory <replaceable>quoted_string</replaceable>; 653 654 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only 655 656 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete 657 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete 658 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 659 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 660 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete 661}; 662</literallayout> 663 </refsect1> 664 665 <refsect1> 666 <title>FILES</title> 667 <para><filename>/etc/named.conf</filename> 668 </para> 669 </refsect1> 670 671 <refsect1> 672 <title>SEE ALSO</title> 673 <para><citerefentry> 674 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 675 </citerefentry>, 676 <citerefentry> 677 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> 678 </citerefentry>, 679 <citerefentry> 680 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> 681 </citerefentry>, 682 <citetitle>BIND 9 Administrator Reference Manual</citetitle>. 683 </para> 684 </refsect1> 685 686</refentry><!-- 687 - Local variables: 688 - mode: sgml 689 - End: 690--> 691