.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

.. highlight: console

named.conf - configuration file for **named**
---------------------------------------------

Synopsis
~~~~~~~~

:program:`named.conf`

Description
~~~~~~~~~~~

``named.conf`` is the configuration file for ``named``. Statements are
enclosed in braces and terminated with a semi-colon. Clauses in the
statements are also semi-colon terminated. The usual comment styles are
supported:

C style: /\* \*/

C++ style: // to end of line

Unix style: # to end of line

ACL
^^^

::

  acl string { address_match_element; ... };

CONTROLS
^^^^^^^^

::

  controls {
      inet ( ipv4_address | ipv6_address |
          * ) [ port ( integer | * ) ] allow
          { address_match_element; ... } [
          keys { string; ... } ] [ read-only
          boolean ];
      unix quoted_string perm integer
          owner integer group integer [
          keys { string; ... } ] [ read-only
          boolean ];
  };

DLZ
^^^

::

  dlz string {
      database string;
      search boolean;
  };

DNSSEC-POLICY
^^^^^^^^^^^^^

::

  dnssec-policy string {
      dnskey-ttl duration;
      keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
          duration_or_unlimited algorithm string [ integer ]; ...
          };
      max-zone-ttl duration;
      nsec3param [ iterations integer ] [ optout boolean ] [
          salt-length integer ];
      parent-ds-ttl duration;
      parent-propagation-delay duration;
      publish-safety duration;
      purge-keys duration;
      retire-safety duration;
      signatures-refresh duration;
      signatures-validity duration;
      signatures-validity-dnskey duration;
      zone-propagation-delay duration;
  };

DYNDB
^^^^^

::

  dyndb string quoted_string {
      unspecified-text };

KEY
^^^

::

  key string {
      algorithm string;
      secret string;
  };

LOGGING
^^^^^^^

::

  logging {
      category string { string; ... };
      channel string {
          buffered boolean;
          file quoted_string [ versions ( unlimited | integer ) ]
              [ size size ] [ suffix ( increment | timestamp ) ];
          null;
          print-category boolean;
          print-severity boolean;
          print-time ( iso8601 | iso8601-utc | local | boolean );
          severity log_severity;
          stderr;
          syslog [ syslog_facility ];
      };
  };

MANAGED-KEYS
^^^^^^^^^^^^

See DNSSEC-KEYS (listed on this page as TRUST-ANCHORS).

::

  managed-keys { string ( static-key
      | initial-key | static-ds |
      initial-ds ) integer integer
      integer quoted_string; ... }; // deprecated

MASTERS
^^^^^^^

::

  masters string [ port integer ] [ dscp
      integer ] { ( remote-servers |
      ipv4_address [ port integer ] |
      ipv6_address [ port integer ] ) [ key
      string ]; ... };

OPTIONS
^^^^^^^

::

  options {
      allow-new-zones boolean;
      allow-notify { address_match_element; ... };
      allow-query { address_match_element; ... };
      allow-query-cache { address_match_element; ... };
      allow-query-cache-on { address_match_element; ... };
      allow-query-on { address_match_element; ... };
      allow-recursion { address_match_element; ... };
      allow-recursion-on { address_match_element; ... };
      allow-transfer { address_match_element; ...
}; 170 allow-update { address_match_element; ... }; 171 allow-update-forwarding { address_match_element; ... }; 172 also-notify [ port integer ] [ dscp integer ] { ( 173 remote-servers | ipv4_address [ port integer ] | 174 ipv6_address [ port integer ] ) [ key string ]; ... }; 175 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 176 ] [ dscp integer ]; 177 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 178 * ) ] [ dscp integer ]; 179 answer-cookie boolean; 180 attach-cache string; 181 auth-nxdomain boolean; // default changed 182 auto-dnssec ( allow | maintain | off ); 183 automatic-interface-scan boolean; 184 avoid-v4-udp-ports { portrange; ... }; 185 avoid-v6-udp-ports { portrange; ... }; 186 bindkeys-file quoted_string; 187 blackhole { address_match_element; ... }; 188 cache-file quoted_string;// deprecated 189 catalog-zones { zone string [ default-masters [ port integer ] 190 [ dscp integer ] { ( remote-servers | ipv4_address [ port 191 integer ] | ipv6_address [ port integer ] ) [ key 192 string ]; ... } ] [ zone-directory quoted_string ] [ 193 in-memory boolean ] [ min-update-interval duration ]; ... }; 194 check-dup-records ( fail | warn | ignore ); 195 check-integrity boolean; 196 check-mx ( fail | warn | ignore ); 197 check-mx-cname ( fail | warn | ignore ); 198 check-names ( primary | master | 199 secondary | slave | response ) ( 200 fail | warn | ignore ); 201 check-sibling boolean; 202 check-spf ( warn | ignore ); 203 check-srv-cname ( fail | warn | ignore ); 204 check-wildcard boolean; 205 clients-per-query integer; 206 cookie-algorithm ( aes | siphash24 ); 207 cookie-secret string; 208 coresize ( default | unlimited | sizeval ); 209 datasize ( default | unlimited | sizeval ); 210 deny-answer-addresses { address_match_element; ... } [ 211 except-from { string; ... } ]; 212 deny-answer-aliases { string; ... } [ except-from { string; ... 
213 } ]; 214 dialup ( notify | notify-passive | passive | refresh | boolean ); 215 directory quoted_string; 216 disable-algorithms string { string; 217 ... }; 218 disable-ds-digests string { string; 219 ... }; 220 disable-empty-zone string; 221 dns64 netprefix { 222 break-dnssec boolean; 223 clients { address_match_element; ... }; 224 exclude { address_match_element; ... }; 225 mapped { address_match_element; ... }; 226 recursive-only boolean; 227 suffix ipv6_address; 228 }; 229 dns64-contact string; 230 dns64-server string; 231 dnskey-sig-validity integer; 232 dnsrps-enable boolean; 233 dnsrps-options { unspecified-text }; 234 dnssec-accept-expired boolean; 235 dnssec-dnskey-kskonly boolean; 236 dnssec-loadkeys-interval integer; 237 dnssec-must-be-secure string boolean; 238 dnssec-policy string; 239 dnssec-secure-to-insecure boolean; 240 dnssec-update-mode ( maintain | no-resign ); 241 dnssec-validation ( yes | no | auto ); 242 dnstap { ( all | auth | client | forwarder | resolver | update ) [ 243 ( query | response ) ]; ... }; 244 dnstap-identity ( quoted_string | none | hostname ); 245 dnstap-output ( file | unix ) quoted_string [ size ( unlimited | 246 size ) ] [ versions ( unlimited | integer ) ] [ suffix ( 247 increment | timestamp ) ]; 248 dnstap-version ( quoted_string | none ); 249 dscp integer; 250 dual-stack-servers [ port integer ] { ( quoted_string [ port 251 integer ] [ dscp integer ] | ipv4_address [ port 252 integer ] [ dscp integer ] | ipv6_address [ port 253 integer ] [ dscp integer ] ); ... 
}; 254 dump-file quoted_string; 255 edns-udp-size integer; 256 empty-contact string; 257 empty-server string; 258 empty-zones-enable boolean; 259 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 260 fetches-per-server integer [ ( drop | fail ) ]; 261 fetches-per-zone integer [ ( drop | fail ) ]; 262 files ( default | unlimited | sizeval ); 263 flush-zones-on-shutdown boolean; 264 forward ( first | only ); 265 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 266 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 267 fstrm-set-buffer-hint integer; 268 fstrm-set-flush-timeout integer; 269 fstrm-set-input-queue-size integer; 270 fstrm-set-output-notify-threshold integer; 271 fstrm-set-output-queue-model ( mpsc | spsc ); 272 fstrm-set-output-queue-size integer; 273 fstrm-set-reopen-interval duration; 274 geoip-directory ( quoted_string | none ); 275 glue-cache boolean; 276 heartbeat-interval integer; 277 hostname ( quoted_string | none ); 278 interface-interval duration; 279 ixfr-from-differences ( primary | master | secondary | slave | 280 boolean ); 281 keep-response-order { address_match_element; ... }; 282 key-directory quoted_string; 283 lame-ttl duration; 284 listen-on [ port integer ] [ dscp 285 integer ] { 286 address_match_element; ... }; 287 listen-on-v6 [ port integer ] [ dscp 288 integer ] { 289 address_match_element; ... 
}; 290 lmdb-mapsize sizeval; 291 lock-file ( quoted_string | none ); 292 managed-keys-directory quoted_string; 293 masterfile-format ( map | raw | text ); 294 masterfile-style ( full | relative ); 295 match-mapped-addresses boolean; 296 max-cache-size ( default | unlimited | sizeval | percentage ); 297 max-cache-ttl duration; 298 max-clients-per-query integer; 299 max-ixfr-ratio ( unlimited | percentage ); 300 max-journal-size ( default | unlimited | sizeval ); 301 max-ncache-ttl duration; 302 max-records integer; 303 max-recursion-depth integer; 304 max-recursion-queries integer; 305 max-refresh-time integer; 306 max-retry-time integer; 307 max-rsa-exponent-size integer; 308 max-stale-ttl duration; 309 max-transfer-idle-in integer; 310 max-transfer-idle-out integer; 311 max-transfer-time-in integer; 312 max-transfer-time-out integer; 313 max-udp-size integer; 314 max-zone-ttl ( unlimited | duration ); 315 memstatistics boolean; 316 memstatistics-file quoted_string; 317 message-compression boolean; 318 min-cache-ttl duration; 319 min-ncache-ttl duration; 320 min-refresh-time integer; 321 min-retry-time integer; 322 minimal-any boolean; 323 minimal-responses ( no-auth | no-auth-recursive | boolean ); 324 multi-master boolean; 325 new-zones-directory quoted_string; 326 no-case-compress { address_match_element; ... 
}; 327 nocookie-udp-size integer; 328 notify ( explicit | master-only | primary-only | boolean ); 329 notify-delay integer; 330 notify-rate integer; 331 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 332 dscp integer ]; 333 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 334 [ dscp integer ]; 335 notify-to-soa boolean; 336 nta-lifetime duration; 337 nta-recheck duration; 338 nxdomain-redirect string; 339 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 340 dscp integer ]; 341 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 342 ] [ dscp integer ]; 343 pid-file ( quoted_string | none ); 344 port integer; 345 preferred-glue string; 346 prefetch integer [ integer ]; 347 provide-ixfr boolean; 348 qname-minimization ( strict | relaxed | disabled | off ); 349 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 350 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 351 port ( integer | * ) ) ) [ dscp integer ]; 352 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 353 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 354 port ( integer | * ) ) ) [ dscp integer ]; 355 querylog boolean; 356 random-device ( quoted_string | none ); 357 rate-limit { 358 all-per-second integer; 359 errors-per-second integer; 360 exempt-clients { address_match_element; ... 
}; 361 ipv4-prefix-length integer; 362 ipv6-prefix-length integer; 363 log-only boolean; 364 max-table-size integer; 365 min-table-size integer; 366 nodata-per-second integer; 367 nxdomains-per-second integer; 368 qps-scale integer; 369 referrals-per-second integer; 370 responses-per-second integer; 371 slip integer; 372 window integer; 373 }; 374 recursing-file quoted_string; 375 recursion boolean; 376 recursive-clients integer; 377 request-expire boolean; 378 request-ixfr boolean; 379 request-nsid boolean; 380 require-server-cookie boolean; 381 reserved-sockets integer; 382 resolver-nonbackoff-tries integer; 383 resolver-query-timeout integer; 384 resolver-retry-interval integer; 385 response-padding { address_match_element; ... } block-size 386 integer; 387 response-policy { zone string [ add-soa boolean ] [ log 388 boolean ] [ max-policy-ttl duration ] [ min-update-interval 389 duration ] [ policy ( cname | disabled | drop | given | no-op 390 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 391 recursive-only boolean ] [ nsip-enable boolean ] [ 392 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 393 break-dnssec boolean ] [ max-policy-ttl duration ] [ 394 min-update-interval duration ] [ min-ns-dots integer ] [ 395 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] 396 [ recursive-only boolean ] [ nsip-enable boolean ] [ 397 nsdname-enable boolean ] [ dnsrps-enable boolean ] [ 398 dnsrps-options { unspecified-text } ]; 399 root-delegation-only [ exclude { string; ... } ]; 400 root-key-sentinel boolean; 401 rrset-order { [ class string ] [ type string ] [ name 402 quoted_string ] string string; ... 
}; 403 secroots-file quoted_string; 404 send-cookie boolean; 405 serial-query-rate integer; 406 serial-update-method ( date | increment | unixtime ); 407 server-id ( quoted_string | none | hostname ); 408 servfail-ttl duration; 409 session-keyalg string; 410 session-keyfile ( quoted_string | none ); 411 session-keyname string; 412 sig-signing-nodes integer; 413 sig-signing-signatures integer; 414 sig-signing-type integer; 415 sig-validity-interval integer [ integer ]; 416 sortlist { address_match_element; ... }; 417 stacksize ( default | unlimited | sizeval ); 418 stale-answer-client-timeout ( disabled | off | integer ); 419 stale-answer-enable boolean; 420 stale-answer-ttl duration; 421 stale-cache-enable boolean; 422 stale-refresh-time duration; 423 startup-notify-rate integer; 424 statistics-file quoted_string; 425 synth-from-dnssec boolean; 426 tcp-advertised-timeout integer; 427 tcp-clients integer; 428 tcp-idle-timeout integer; 429 tcp-initial-timeout integer; 430 tcp-keepalive-timeout integer; 431 tcp-listen-queue integer; 432 tkey-dhkey quoted_string integer; 433 tkey-domain quoted_string; 434 tkey-gssapi-credential quoted_string; 435 tkey-gssapi-keytab quoted_string; 436 transfer-format ( many-answers | one-answer ); 437 transfer-message-size integer; 438 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 439 dscp integer ]; 440 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 441 ] [ dscp integer ]; 442 transfers-in integer; 443 transfers-out integer; 444 transfers-per-ns integer; 445 trust-anchor-telemetry boolean; // experimental 446 try-tcp-refresh boolean; 447 update-check-ksk boolean; 448 use-alt-transfer-source boolean; 449 use-v4-udp-ports { portrange; ... }; 450 use-v6-udp-ports { portrange; ... }; 451 v6-bias integer; 452 validate-except { string; ... 
}; 453 version ( quoted_string | none ); 454 zero-no-soa-ttl boolean; 455 zero-no-soa-ttl-cache boolean; 456 zone-statistics ( full | terse | none | boolean ); 457 }; 458 459PARENTAL-AGENTS 460^^^^^^^^^^^^^^^ 461 462:: 463 464 parental-agents string [ port integer ] [ 465 dscp integer ] { ( remote-servers | 466 ipv4_address [ port integer ] | 467 ipv6_address [ port integer ] ) [ key 468 string ]; ... }; 469 470PLUGIN 471^^^^^^ 472 473:: 474 475 plugin ( query ) string [ { unspecified-text 476 } ]; 477 478PRIMARIES 479^^^^^^^^^ 480 481:: 482 483 primaries string [ port integer ] [ dscp 484 integer ] { ( remote-servers | 485 ipv4_address [ port integer ] | 486 ipv6_address [ port integer ] ) [ key 487 string ]; ... }; 488 489SERVER 490^^^^^^ 491 492:: 493 494 server netprefix { 495 bogus boolean; 496 edns boolean; 497 edns-udp-size integer; 498 edns-version integer; 499 keys server_key; 500 max-udp-size integer; 501 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 502 dscp integer ]; 503 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 504 [ dscp integer ]; 505 padding integer; 506 provide-ixfr boolean; 507 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 508 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 509 port ( integer | * ) ) ) [ dscp integer ]; 510 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 511 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 512 port ( integer | * ) ) ) [ dscp integer ]; 513 request-expire boolean; 514 request-ixfr boolean; 515 request-nsid boolean; 516 send-cookie boolean; 517 tcp-keepalive boolean; 518 tcp-only boolean; 519 transfer-format ( many-answers | one-answer ); 520 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 521 dscp integer ]; 522 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 523 ] [ dscp integer ]; 524 transfers integer; 525 }; 526 527STATISTICS-CHANNELS 528^^^^^^^^^^^^^^^^^^^ 529 530:: 531 532 statistics-channels { 
      inet ( ipv4_address | ipv6_address |
          * ) [ port ( integer | * ) ] [
          allow { address_match_element; ...
          } ];
  };

TRUST-ANCHORS
^^^^^^^^^^^^^

::

  trust-anchors { string ( static-key |
      initial-key | static-ds | initial-ds )
      integer integer integer
      quoted_string; ... };

TRUSTED-KEYS
^^^^^^^^^^^^

Deprecated - see DNSSEC-KEYS (listed on this page as TRUST-ANCHORS).

::

  trusted-keys { string integer
      integer integer
      quoted_string; ... }; // deprecated

VIEW
^^^^

::

  view string [ class ] {
      allow-new-zones boolean;
      allow-notify { address_match_element; ... };
      allow-query { address_match_element; ... };
      allow-query-cache { address_match_element; ... };
      allow-query-cache-on { address_match_element; ... };
      allow-query-on { address_match_element; ... };
      allow-recursion { address_match_element; ... };
      allow-recursion-on { address_match_element; ... };
      allow-transfer { address_match_element; ... };
      allow-update { address_match_element; ... };
      allow-update-forwarding { address_match_element; ... };
      also-notify [ port integer ] [ dscp integer ] { (
          remote-servers | ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key string ]; ... };
      alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
          * ) ] [ dscp integer ];
      attach-cache string;
      auth-nxdomain boolean; // default changed
      auto-dnssec ( allow | maintain | off );
      cache-file quoted_string; // deprecated
      catalog-zones { zone string [ default-masters [ port integer ]
          [ dscp integer ] { ( remote-servers | ipv4_address [ port
          integer ] | ipv6_address [ port integer ] ) [ key
          string ]; ... } ] [ zone-directory quoted_string ] [
          in-memory boolean ] [ min-update-interval duration ]; ...
}; 593 check-dup-records ( fail | warn | ignore ); 594 check-integrity boolean; 595 check-mx ( fail | warn | ignore ); 596 check-mx-cname ( fail | warn | ignore ); 597 check-names ( primary | master | 598 secondary | slave | response ) ( 599 fail | warn | ignore ); 600 check-sibling boolean; 601 check-spf ( warn | ignore ); 602 check-srv-cname ( fail | warn | ignore ); 603 check-wildcard boolean; 604 clients-per-query integer; 605 deny-answer-addresses { address_match_element; ... } [ 606 except-from { string; ... } ]; 607 deny-answer-aliases { string; ... } [ except-from { string; ... 608 } ]; 609 dialup ( notify | notify-passive | passive | refresh | boolean ); 610 disable-algorithms string { string; 611 ... }; 612 disable-ds-digests string { string; 613 ... }; 614 disable-empty-zone string; 615 dlz string { 616 database string; 617 search boolean; 618 }; 619 dns64 netprefix { 620 break-dnssec boolean; 621 clients { address_match_element; ... }; 622 exclude { address_match_element; ... }; 623 mapped { address_match_element; ... }; 624 recursive-only boolean; 625 suffix ipv6_address; 626 }; 627 dns64-contact string; 628 dns64-server string; 629 dnskey-sig-validity integer; 630 dnsrps-enable boolean; 631 dnsrps-options { unspecified-text }; 632 dnssec-accept-expired boolean; 633 dnssec-dnskey-kskonly boolean; 634 dnssec-loadkeys-interval integer; 635 dnssec-must-be-secure string boolean; 636 dnssec-policy string; 637 dnssec-secure-to-insecure boolean; 638 dnssec-update-mode ( maintain | no-resign ); 639 dnssec-validation ( yes | no | auto ); 640 dnstap { ( all | auth | client | forwarder | resolver | update ) [ 641 ( query | response ) ]; ... }; 642 dual-stack-servers [ port integer ] { ( quoted_string [ port 643 integer ] [ dscp integer ] | ipv4_address [ port 644 integer ] [ dscp integer ] | ipv6_address [ port 645 integer ] [ dscp integer ] ); ... 
}; 646 dyndb string quoted_string { 647 unspecified-text }; 648 edns-udp-size integer; 649 empty-contact string; 650 empty-server string; 651 empty-zones-enable boolean; 652 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 653 fetches-per-server integer [ ( drop | fail ) ]; 654 fetches-per-zone integer [ ( drop | fail ) ]; 655 forward ( first | only ); 656 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 657 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 658 glue-cache boolean; 659 ixfr-from-differences ( primary | master | secondary | slave | 660 boolean ); 661 key string { 662 algorithm string; 663 secret string; 664 }; 665 key-directory quoted_string; 666 lame-ttl duration; 667 lmdb-mapsize sizeval; 668 managed-keys { string ( 669 static-key | initial-key 670 | static-ds | initial-ds 671 ) integer integer 672 integer 673 quoted_string; ... };, deprecated 674 masterfile-format ( map | raw | text ); 675 masterfile-style ( full | relative ); 676 match-clients { address_match_element; ... }; 677 match-destinations { address_match_element; ... 
}; 678 match-recursive-only boolean; 679 max-cache-size ( default | unlimited | sizeval | percentage ); 680 max-cache-ttl duration; 681 max-clients-per-query integer; 682 max-ixfr-ratio ( unlimited | percentage ); 683 max-journal-size ( default | unlimited | sizeval ); 684 max-ncache-ttl duration; 685 max-records integer; 686 max-recursion-depth integer; 687 max-recursion-queries integer; 688 max-refresh-time integer; 689 max-retry-time integer; 690 max-stale-ttl duration; 691 max-transfer-idle-in integer; 692 max-transfer-idle-out integer; 693 max-transfer-time-in integer; 694 max-transfer-time-out integer; 695 max-udp-size integer; 696 max-zone-ttl ( unlimited | duration ); 697 message-compression boolean; 698 min-cache-ttl duration; 699 min-ncache-ttl duration; 700 min-refresh-time integer; 701 min-retry-time integer; 702 minimal-any boolean; 703 minimal-responses ( no-auth | no-auth-recursive | boolean ); 704 multi-master boolean; 705 new-zones-directory quoted_string; 706 no-case-compress { address_match_element; ... 
}; 707 nocookie-udp-size integer; 708 notify ( explicit | master-only | primary-only | boolean ); 709 notify-delay integer; 710 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 711 dscp integer ]; 712 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 713 [ dscp integer ]; 714 notify-to-soa boolean; 715 nta-lifetime duration; 716 nta-recheck duration; 717 nxdomain-redirect string; 718 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 719 dscp integer ]; 720 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 721 ] [ dscp integer ]; 722 plugin ( query ) string [ { 723 unspecified-text } ]; 724 preferred-glue string; 725 prefetch integer [ integer ]; 726 provide-ixfr boolean; 727 qname-minimization ( strict | relaxed | disabled | off ); 728 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 729 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 730 port ( integer | * ) ) ) [ dscp integer ]; 731 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 732 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 733 port ( integer | * ) ) ) [ dscp integer ]; 734 rate-limit { 735 all-per-second integer; 736 errors-per-second integer; 737 exempt-clients { address_match_element; ... }; 738 ipv4-prefix-length integer; 739 ipv6-prefix-length integer; 740 log-only boolean; 741 max-table-size integer; 742 min-table-size integer; 743 nodata-per-second integer; 744 nxdomains-per-second integer; 745 qps-scale integer; 746 referrals-per-second integer; 747 responses-per-second integer; 748 slip integer; 749 window integer; 750 }; 751 recursion boolean; 752 request-expire boolean; 753 request-ixfr boolean; 754 request-nsid boolean; 755 require-server-cookie boolean; 756 resolver-nonbackoff-tries integer; 757 resolver-query-timeout integer; 758 resolver-retry-interval integer; 759 response-padding { address_match_element; ... 
} block-size 760 integer; 761 response-policy { zone string [ add-soa boolean ] [ log 762 boolean ] [ max-policy-ttl duration ] [ min-update-interval 763 duration ] [ policy ( cname | disabled | drop | given | no-op 764 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 765 recursive-only boolean ] [ nsip-enable boolean ] [ 766 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 767 break-dnssec boolean ] [ max-policy-ttl duration ] [ 768 min-update-interval duration ] [ min-ns-dots integer ] [ 769 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] 770 [ recursive-only boolean ] [ nsip-enable boolean ] [ 771 nsdname-enable boolean ] [ dnsrps-enable boolean ] [ 772 dnsrps-options { unspecified-text } ]; 773 root-delegation-only [ exclude { string; ... } ]; 774 root-key-sentinel boolean; 775 rrset-order { [ class string ] [ type string ] [ name 776 quoted_string ] string string; ... }; 777 send-cookie boolean; 778 serial-update-method ( date | increment | unixtime ); 779 server netprefix { 780 bogus boolean; 781 edns boolean; 782 edns-udp-size integer; 783 edns-version integer; 784 keys server_key; 785 max-udp-size integer; 786 notify-source ( ipv4_address | * ) [ port ( integer | * 787 ) ] [ dscp integer ]; 788 notify-source-v6 ( ipv6_address | * ) [ port ( integer 789 | * ) ] [ dscp integer ]; 790 padding integer; 791 provide-ixfr boolean; 792 query-source ( ( [ address ] ( ipv4_address | * ) [ port 793 ( integer | * ) ] ) | ( [ [ address ] ( 794 ipv4_address | * ) ] port ( integer | * ) ) ) [ 795 dscp integer ]; 796 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ 797 port ( integer | * ) ] ) | ( [ [ address ] ( 798 ipv6_address | * ) ] port ( integer | * ) ) ) [ 799 dscp integer ]; 800 request-expire boolean; 801 request-ixfr boolean; 802 request-nsid boolean; 803 send-cookie boolean; 804 tcp-keepalive boolean; 805 tcp-only boolean; 806 transfer-format ( many-answers | one-answer ); 807 transfer-source ( ipv4_address | * ) [ port ( 
integer | 808 * ) ] [ dscp integer ]; 809 transfer-source-v6 ( ipv6_address | * ) [ port ( 810 integer | * ) ] [ dscp integer ]; 811 transfers integer; 812 }; 813 servfail-ttl duration; 814 sig-signing-nodes integer; 815 sig-signing-signatures integer; 816 sig-signing-type integer; 817 sig-validity-interval integer [ integer ]; 818 sortlist { address_match_element; ... }; 819 stale-answer-client-timeout ( disabled | off | integer ); 820 stale-answer-enable boolean; 821 stale-answer-ttl duration; 822 stale-cache-enable boolean; 823 stale-refresh-time duration; 824 synth-from-dnssec boolean; 825 transfer-format ( many-answers | one-answer ); 826 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 827 dscp integer ]; 828 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 829 ] [ dscp integer ]; 830 trust-anchor-telemetry boolean; // experimental 831 trust-anchors { string ( static-key | 832 initial-key | static-ds | initial-ds 833 ) integer integer integer 834 quoted_string; ... }; 835 trusted-keys { string 836 integer integer 837 integer 838 quoted_string; ... };, deprecated 839 try-tcp-refresh boolean; 840 update-check-ksk boolean; 841 use-alt-transfer-source boolean; 842 v6-bias integer; 843 validate-except { string; ... }; 844 zero-no-soa-ttl boolean; 845 zero-no-soa-ttl-cache boolean; 846 zone string [ class ] { 847 allow-notify { address_match_element; ... }; 848 allow-query { address_match_element; ... }; 849 allow-query-on { address_match_element; ... }; 850 allow-transfer { address_match_element; ... }; 851 allow-update { address_match_element; ... }; 852 allow-update-forwarding { address_match_element; ... }; 853 also-notify [ port integer ] [ dscp integer ] { ( 854 remote-servers | ipv4_address [ port integer ] | 855 ipv6_address [ port integer ] ) [ key string ]; 856 ... 
}; 857 alt-transfer-source ( ipv4_address | * ) [ port ( 858 integer | * ) ] [ dscp integer ]; 859 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( 860 integer | * ) ] [ dscp integer ]; 861 auto-dnssec ( allow | maintain | off ); 862 check-dup-records ( fail | warn | ignore ); 863 check-integrity boolean; 864 check-mx ( fail | warn | ignore ); 865 check-mx-cname ( fail | warn | ignore ); 866 check-names ( fail | warn | ignore ); 867 check-sibling boolean; 868 check-spf ( warn | ignore ); 869 check-srv-cname ( fail | warn | ignore ); 870 check-wildcard boolean; 871 database string; 872 delegation-only boolean; 873 dialup ( notify | notify-passive | passive | refresh | 874 boolean ); 875 dlz string; 876 dnskey-sig-validity integer; 877 dnssec-dnskey-kskonly boolean; 878 dnssec-loadkeys-interval integer; 879 dnssec-policy string; 880 dnssec-secure-to-insecure boolean; 881 dnssec-update-mode ( maintain | no-resign ); 882 file quoted_string; 883 forward ( first | only ); 884 forwarders [ port integer ] [ dscp integer ] { ( 885 ipv4_address | ipv6_address ) [ port integer ] [ 886 dscp integer ]; ... }; 887 in-view string; 888 inline-signing boolean; 889 ixfr-from-differences boolean; 890 journal quoted_string; 891 key-directory quoted_string; 892 masterfile-format ( map | raw | text ); 893 masterfile-style ( full | relative ); 894 masters [ port integer ] [ dscp integer ] { ( 895 remote-servers | ipv4_address [ port integer ] | 896 ipv6_address [ port integer ] ) [ key string ]; 897 ... 
}; 898 max-ixfr-ratio ( unlimited | percentage ); 899 max-journal-size ( default | unlimited | sizeval ); 900 max-records integer; 901 max-refresh-time integer; 902 max-retry-time integer; 903 max-transfer-idle-in integer; 904 max-transfer-idle-out integer; 905 max-transfer-time-in integer; 906 max-transfer-time-out integer; 907 max-zone-ttl ( unlimited | duration ); 908 min-refresh-time integer; 909 min-retry-time integer; 910 multi-master boolean; 911 notify ( explicit | master-only | primary-only | boolean ); 912 notify-delay integer; 913 notify-source ( ipv4_address | * ) [ port ( integer | * 914 ) ] [ dscp integer ]; 915 notify-source-v6 ( ipv6_address | * ) [ port ( integer 916 | * ) ] [ dscp integer ]; 917 notify-to-soa boolean; 918 parental-agents [ port integer ] [ dscp integer ] { ( 919 remote-servers | ipv4_address [ port integer ] | 920 ipv6_address [ port integer ] ) [ key string ]; 921 ... }; 922 parental-source ( ipv4_address | * ) [ port ( integer | 923 * ) ] [ dscp integer ]; 924 parental-source-v6 ( ipv6_address | * ) [ port ( 925 integer | * ) ] [ dscp integer ]; 926 primaries [ port integer ] [ dscp integer ] { ( 927 remote-servers | ipv4_address [ port integer ] | 928 ipv6_address [ port integer ] ) [ key string ]; 929 ... }; 930 request-expire boolean; 931 request-ixfr boolean; 932 serial-update-method ( date | increment | unixtime ); 933 server-addresses { ( ipv4_address | ipv6_address ); ... }; 934 server-names { string; ... 
}; 935 sig-signing-nodes integer; 936 sig-signing-signatures integer; 937 sig-signing-type integer; 938 sig-validity-interval integer [ integer ]; 939 transfer-source ( ipv4_address | * ) [ port ( integer | 940 * ) ] [ dscp integer ]; 941 transfer-source-v6 ( ipv6_address | * ) [ port ( 942 integer | * ) ] [ dscp integer ]; 943 try-tcp-refresh boolean; 944 type ( primary | master | secondary | slave | mirror | 945 delegation-only | forward | hint | redirect | 946 static-stub | stub ); 947 update-check-ksk boolean; 948 update-policy ( local | { ( deny | grant ) string ( 949 6to4-self | external | krb5-self | krb5-selfsub | 950 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 951 name | self | selfsub | selfwild | subdomain | tcp-self 952 | wildcard | zonesub ) [ string ] rrtypelist; ... }; 953 use-alt-transfer-source boolean; 954 zero-no-soa-ttl boolean; 955 zone-statistics ( full | terse | none | boolean ); 956 }; 957 zone-statistics ( full | terse | none | boolean ); 958 }; 959 960ZONE 961^^^^ 962 963:: 964 965 zone string [ class ] { 966 allow-notify { address_match_element; ... }; 967 allow-query { address_match_element; ... }; 968 allow-query-on { address_match_element; ... }; 969 allow-transfer { address_match_element; ... }; 970 allow-update { address_match_element; ... }; 971 allow-update-forwarding { address_match_element; ... }; 972 also-notify [ port integer ] [ dscp integer ] { ( 973 remote-servers | ipv4_address [ port integer ] | 974 ipv6_address [ port integer ] ) [ key string ]; ... 
          };
      alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
          * ) ] [ dscp integer ];
      auto-dnssec ( allow | maintain | off );
      check-dup-records ( fail | warn | ignore );
      check-integrity boolean;
      check-mx ( fail | warn | ignore );
      check-mx-cname ( fail | warn | ignore );
      check-names ( fail | warn | ignore );
      check-sibling boolean;
      check-spf ( warn | ignore );
      check-srv-cname ( fail | warn | ignore );
      check-wildcard boolean;
      database string;
      delegation-only boolean;
      dialup ( notify | notify-passive | passive | refresh | boolean );
      dlz string;
      dnskey-sig-validity integer;
      dnssec-dnskey-kskonly boolean;
      dnssec-loadkeys-interval integer;
      dnssec-policy string;
      dnssec-secure-to-insecure boolean;
      dnssec-update-mode ( maintain | no-resign );
      file quoted_string;
      forward ( first | only );
      forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
          | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
      in-view string;
      inline-signing boolean;
      ixfr-from-differences boolean;
      journal quoted_string;
      key-directory quoted_string;
      masterfile-format ( map | raw | text );
      masterfile-style ( full | relative );
      masters [ port integer ] [ dscp integer ] { ( remote-servers
          | ipv4_address [ port integer ] | ipv6_address [ port
          integer ] ) [ key string ]; ...
          };
      max-ixfr-ratio ( unlimited | percentage );
      max-journal-size ( default | unlimited | sizeval );
      max-records integer;
      max-refresh-time integer;
      max-retry-time integer;
      max-transfer-idle-in integer;
      max-transfer-idle-out integer;
      max-transfer-time-in integer;
      max-transfer-time-out integer;
      max-zone-ttl ( unlimited | duration );
      min-refresh-time integer;
      min-retry-time integer;
      multi-master boolean;
      notify ( explicit | master-only | primary-only | boolean );
      notify-delay integer;
      notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
          [ dscp integer ];
      notify-to-soa boolean;
      parental-agents [ port integer ] [ dscp integer ] { (
          remote-servers | ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key string ]; ... };
      parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      primaries [ port integer ] [ dscp integer ] { (
          remote-servers | ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key string ]; ... };
      request-expire boolean;
      request-ixfr boolean;
      serial-update-method ( date | increment | unixtime );
      server-addresses { ( ipv4_address | ipv6_address ); ... };
      server-names { string; ...
          };
      sig-signing-nodes integer;
      sig-signing-signatures integer;
      sig-signing-type integer;
      sig-validity-interval integer [ integer ];
      transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      try-tcp-refresh boolean;
      type ( primary | master | secondary | slave | mirror |
          delegation-only | forward | hint | redirect | static-stub |
          stub );
      update-check-ksk boolean;
      update-policy ( local | { ( deny | grant ) string ( 6to4-self |
          external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
          | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
          | subdomain | tcp-self | wildcard | zonesub ) [ string ]
          rrtypelist; ... };
      use-alt-transfer-source boolean;
      zero-no-soa-ttl boolean;
      zone-statistics ( full | terse | none | boolean );
  };

Files
~~~~~

``/etc/named.conf``

See Also
~~~~~~~~

:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual.