1.. 2 Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 4 This Source Code Form is subject to the terms of the Mozilla Public 5 License, v. 2.0. If a copy of the MPL was not distributed with this 6 file, you can obtain one at https://mozilla.org/MPL/2.0/. 7 8 See the COPYRIGHT file distributed with this work for additional 9 information regarding copyright ownership. 10 11.. highlight: console 12 13named.conf - configuration file for **named** 14--------------------------------------------- 15 16Synopsis 17~~~~~~~~ 18 19:program:`named.conf` 20 21Description 22~~~~~~~~~~~ 23 24``named.conf`` is the configuration file for ``named``. Statements are 25enclosed in braces and terminated with a semi-colon. Clauses in the 26statements are also semi-colon terminated. The usual comment styles are 27supported: 28 29C style: /\* \*/ 30 31 C++ style: // to end of line 32 33Unix style: # to end of line 34 35ACL 36^^^ 37 38:: 39 40 acl string { address_match_element; ... }; 41 42CONTROLS 43^^^^^^^^ 44 45:: 46 47 controls { 48 inet ( ipv4_address | ipv6_address | 49 * ) [ port ( integer | * ) ] allow 50 { address_match_element; ... } [ 51 keys { string; ... } ] [ read-only 52 boolean ]; 53 unix quoted_string perm integer 54 owner integer group integer [ 55 keys { string; ... } ] [ read-only 56 boolean ]; 57 }; 58 59DLZ 60^^^ 61 62:: 63 64 dlz string { 65 database string; 66 search boolean; 67 }; 68 69DNSSEC-POLICY 70^^^^^^^^^^^^^ 71 72:: 73 74 dnssec-policy string { 75 dnskey-ttl duration; 76 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 77 duration_or_unlimited algorithm string [ integer ]; ... }; 78 max-zone-ttl duration; 79 parent-ds-ttl duration; 80 parent-propagation-delay duration; 81 publish-safety duration; 82 retire-safety duration; 83 signatures-refresh duration; 84 signatures-validity duration; 85 signatures-validity-dnskey duration; 86 zone-propagation-delay duration; 87 }; 88 89DYNDB 90^^^^^ 91 92:: 93 94 dyndb string quoted_string { 95 unspecified-text }; 96 97KEY 98^^^ 99 100:: 101 102 key string { 103 algorithm string; 104 secret string; 105 }; 106 107LOGGING 108^^^^^^^ 109 110:: 111 112 logging { 113 category string { string; ... }; 114 channel string { 115 buffered boolean; 116 file quoted_string [ versions ( unlimited | integer ) ] 117 [ size size ] [ suffix ( increment | timestamp ) ]; 118 null; 119 print-category boolean; 120 print-severity boolean; 121 print-time ( iso8601 | iso8601-utc | local | boolean ); 122 severity log_severity; 123 stderr; 124 syslog [ syslog_facility ]; 125 }; 126 }; 127 128MANAGED-KEYS 129^^^^^^^^^^^^ 130 131See DNSSEC-KEYS. 132 133:: 134 135 managed-keys { string ( static-key 136 | initial-key | static-ds | 137 initial-ds ) integer integer 138 integer quoted_string; ... };, deprecated 139 140MASTERS 141^^^^^^^ 142 143:: 144 145 masters string [ port integer ] [ dscp 146 integer ] { ( masters | ipv4_address [ 147 port integer ] | ipv6_address [ port 148 integer ] ) [ key string ]; ... }; 149 150OPTIONS 151^^^^^^^ 152 153:: 154 155 options { 156 allow-new-zones boolean; 157 allow-notify { address_match_element; ... }; 158 allow-query { address_match_element; ... }; 159 allow-query-cache { address_match_element; ... }; 160 allow-query-cache-on { address_match_element; ... }; 161 allow-query-on { address_match_element; ... }; 162 allow-recursion { address_match_element; ... }; 163 allow-recursion-on { address_match_element; ... }; 164 allow-transfer { address_match_element; ... }; 165 allow-update { address_match_element; ... }; 166 allow-update-forwarding { address_match_element; ... }; 167 also-notify [ port integer ] [ dscp integer ] { ( masters | 168 ipv4_address [ port integer ] | ipv6_address [ port 169 integer ] ) [ key string ]; ... }; 170 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 171 ] [ dscp integer ]; 172 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 173 * ) ] [ dscp integer ]; 174 answer-cookie boolean; 175 attach-cache string; 176 auth-nxdomain boolean; // default changed 177 auto-dnssec ( allow | maintain | off ); 178 automatic-interface-scan boolean; 179 avoid-v4-udp-ports { portrange; ... }; 180 avoid-v6-udp-ports { portrange; ... }; 181 bindkeys-file quoted_string; 182 blackhole { address_match_element; ... }; 183 catalog-zones { zone string [ default-masters [ port integer ] 184 [ dscp integer ] { ( masters | ipv4_address [ port 185 integer ] | ipv6_address [ port integer ] ) [ key 186 string ]; ... } ] [ default-primaries [ port integer ] 187 [ dscp integer ] { ( masters | ipv4_address [ port 188 integer ] | ipv6_address [ port integer ] ) [ key 189 string ]; ... } ] [ zone-directory quoted_string ] [ 190 in-memory boolean ] [ min-update-interval duration ]; ... }; 191 check-dup-records ( fail | warn | ignore ); 192 check-integrity boolean; 193 check-mx ( fail | warn | ignore ); 194 check-mx-cname ( fail | warn | ignore ); 195 check-names ( primary | master | 196 secondary | slave | response ) ( 197 fail | warn | ignore ); 198 check-sibling boolean; 199 check-spf ( warn | ignore ); 200 check-srv-cname ( fail | warn | ignore ); 201 check-wildcard boolean; 202 clients-per-query integer; 203 cookie-algorithm ( aes | siphash24 ); 204 cookie-secret string; 205 coresize ( default | unlimited | sizeval ); 206 datasize ( default | unlimited | sizeval ); 207 deny-answer-addresses { address_match_element; ... } [ 208 except-from { string; ... } ]; 209 deny-answer-aliases { string; ... } [ except-from { string; ... 210 } ]; 211 dialup ( notify | notify-passive | passive | refresh | boolean ); 212 directory quoted_string; 213 disable-algorithms string { string; 214 ... }; 215 disable-ds-digests string { string; 216 ... }; 217 disable-empty-zone string; 218 dns64 netprefix { 219 break-dnssec boolean; 220 clients { address_match_element; ... }; 221 exclude { address_match_element; ... }; 222 mapped { address_match_element; ... }; 223 recursive-only boolean; 224 suffix ipv6_address; 225 }; 226 dns64-contact string; 227 dns64-server string; 228 dnskey-sig-validity integer; 229 dnsrps-enable boolean; 230 dnsrps-options { unspecified-text }; 231 dnssec-accept-expired boolean; 232 dnssec-dnskey-kskonly boolean; 233 dnssec-loadkeys-interval integer; 234 dnssec-must-be-secure string boolean; 235 dnssec-policy string; 236 dnssec-secure-to-insecure boolean; 237 dnssec-update-mode ( maintain | no-resign ); 238 dnssec-validation ( yes | no | auto ); 239 dnstap { ( all | auth | client | forwarder | 240 resolver | update ) [ ( query | response ) ]; 241 ... }; 242 dnstap-identity ( quoted_string | none | 243 hostname ); 244 dnstap-output ( file | unix ) quoted_string [ 245 size ( unlimited | size ) ] [ versions ( 246 unlimited | integer ) ] [ suffix ( increment 247 | timestamp ) ]; 248 dnstap-version ( quoted_string | none ); 249 dscp integer; 250 dual-stack-servers [ port integer ] { ( quoted_string [ port 251 integer ] [ dscp integer ] | ipv4_address [ port 252 integer ] [ dscp integer ] | ipv6_address [ port 253 integer ] [ dscp integer ] ); ... }; 254 dump-file quoted_string; 255 edns-udp-size integer; 256 empty-contact string; 257 empty-server string; 258 empty-zones-enable boolean; 259 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 260 fetches-per-server integer [ ( drop | fail ) ]; 261 fetches-per-zone integer [ ( drop | fail ) ]; 262 files ( default | unlimited | sizeval ); 263 flush-zones-on-shutdown boolean; 264 forward ( first | only ); 265 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 266 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 267 fstrm-set-buffer-hint integer; 268 fstrm-set-flush-timeout integer; 269 fstrm-set-input-queue-size integer; 270 fstrm-set-output-notify-threshold integer; 271 fstrm-set-output-queue-model ( mpsc | spsc ); 272 fstrm-set-output-queue-size integer; 273 fstrm-set-reopen-interval duration; 274 geoip-directory ( quoted_string | none ); 275 glue-cache boolean;, deprecated 276 heartbeat-interval integer; 277 hostname ( quoted_string | none ); 278 inline-signing boolean; 279 interface-interval duration; 280 ixfr-from-differences ( primary | master | secondary | slave | 281 boolean ); 282 keep-response-order { address_match_element; ... }; 283 key-directory quoted_string; 284 lame-ttl duration; 285 listen-on [ port integer ] [ dscp 286 integer ] { 287 address_match_element; ... }; 288 listen-on-v6 [ port integer ] [ dscp 289 integer ] { 290 address_match_element; ... }; 291 lmdb-mapsize sizeval; 292 lock-file ( quoted_string | none ); 293 managed-keys-directory quoted_string; 294 masterfile-format ( raw | text ); 295 masterfile-style ( full | relative ); 296 match-mapped-addresses boolean; 297 max-cache-size ( default | unlimited | sizeval | percentage ); 298 max-cache-ttl duration; 299 max-clients-per-query integer; 300 max-ixfr-ratio ( unlimited | percentage ); 301 max-journal-size ( default | unlimited | sizeval ); 302 max-ncache-ttl duration; 303 max-records integer; 304 max-recursion-depth integer; 305 max-recursion-queries integer; 306 max-refresh-time integer; 307 max-retry-time integer; 308 max-rsa-exponent-size integer; 309 max-stale-ttl duration; 310 max-transfer-idle-in integer; 311 max-transfer-idle-out integer; 312 max-transfer-time-in integer; 313 max-transfer-time-out integer; 314 max-udp-size integer; 315 max-zone-ttl ( unlimited | duration ); 316 memstatistics boolean; 317 memstatistics-file quoted_string; 318 message-compression boolean; 319 min-cache-ttl duration; 320 min-ncache-ttl duration; 321 min-refresh-time integer; 322 min-retry-time integer; 323 minimal-any boolean; 324 minimal-responses ( no-auth | no-auth-recursive | boolean ); 325 multi-master boolean; 326 new-zones-directory quoted_string; 327 no-case-compress { address_match_element; ... }; 328 nocookie-udp-size integer; 329 notify ( explicit | master-only | boolean ); 330 notify-delay integer; 331 notify-rate integer; 332 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 333 dscp integer ]; 334 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 335 [ dscp integer ]; 336 notify-to-soa boolean; 337 nta-lifetime duration; 338 nta-recheck duration; 339 nxdomain-redirect string; 340 pid-file ( quoted_string | none ); 341 port integer; 342 preferred-glue string; 343 prefetch integer [ integer ]; 344 provide-ixfr boolean; 345 qname-minimization ( strict | relaxed | disabled | off ); 346 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 347 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 348 port ( integer | * ) ) ) [ dscp integer ]; 349 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 350 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 351 port ( integer | * ) ) ) [ dscp integer ]; 352 querylog boolean; 353 random-device ( quoted_string | none ); 354 rate-limit { 355 all-per-second integer; 356 errors-per-second integer; 357 exempt-clients { address_match_element; ... }; 358 ipv4-prefix-length integer; 359 ipv6-prefix-length integer; 360 log-only boolean; 361 max-table-size integer; 362 min-table-size integer; 363 nodata-per-second integer; 364 nxdomains-per-second integer; 365 qps-scale integer; 366 referrals-per-second integer; 367 responses-per-second integer; 368 slip integer; 369 window integer; 370 }; 371 recursing-file quoted_string; 372 recursion boolean; 373 recursive-clients integer; 374 request-expire boolean; 375 request-ixfr boolean; 376 request-nsid boolean; 377 require-server-cookie boolean; 378 reserved-sockets integer; 379 resolver-nonbackoff-tries integer; 380 resolver-query-timeout integer; 381 resolver-retry-interval integer; 382 response-padding { address_match_element; ... } block-size 383 integer; 384 response-policy { zone string [ add-soa boolean ] [ log 385 boolean ] [ max-policy-ttl duration ] [ min-update-interval 386 duration ] [ policy ( cname | disabled | drop | given | no-op 387 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 388 recursive-only boolean ] [ nsip-enable boolean ] [ 389 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 390 break-dnssec boolean ] [ max-policy-ttl duration ] [ 391 min-update-interval duration ] [ min-ns-dots integer ] [ 392 nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean 393 ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] 394 [ nsip-enable boolean ] [ nsdname-enable boolean ] [ 395 dnsrps-enable boolean ] [ dnsrps-options { unspecified-text 396 } ]; 397 root-delegation-only [ exclude { string; ... } ]; 398 root-key-sentinel boolean; 399 rrset-order { [ class string ] [ type string ] [ name 400 quoted_string ] string string; ... }; 401 secroots-file quoted_string; 402 send-cookie boolean; 403 serial-query-rate integer; 404 serial-update-method ( date | increment | unixtime ); 405 server-id ( quoted_string | none | hostname ); 406 servfail-ttl duration; 407 session-keyalg string; 408 session-keyfile ( quoted_string | none ); 409 session-keyname string; 410 sig-signing-nodes integer; 411 sig-signing-signatures integer; 412 sig-signing-type integer; 413 sig-validity-interval integer [ integer ]; 414 sortlist { address_match_element; ... }; 415 stacksize ( default | unlimited | sizeval ); 416 stale-answer-enable boolean; 417 stale-answer-ttl duration; 418 startup-notify-rate integer; 419 statistics-file quoted_string; 420 synth-from-dnssec boolean; 421 tcp-advertised-timeout integer; 422 tcp-clients integer; 423 tcp-idle-timeout integer; 424 tcp-initial-timeout integer; 425 tcp-keepalive-timeout integer; 426 tcp-listen-queue integer; 427 tkey-dhkey quoted_string integer; 428 tkey-domain quoted_string; 429 tkey-gssapi-credential quoted_string; 430 tkey-gssapi-keytab quoted_string; 431 transfer-format ( many-answers | one-answer ); 432 transfer-message-size integer; 433 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 434 dscp integer ]; 435 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 436 ] [ dscp integer ]; 437 transfers-in integer; 438 transfers-out integer; 439 transfers-per-ns integer; 440 trust-anchor-telemetry boolean; // experimental 441 try-tcp-refresh boolean; 442 update-check-ksk boolean; 443 use-alt-transfer-source boolean; 444 use-v4-udp-ports { portrange; ... }; 445 use-v6-udp-ports { portrange; ... }; 446 v6-bias integer; 447 validate-except { string; ... }; 448 version ( quoted_string | none ); 449 zero-no-soa-ttl boolean; 450 zero-no-soa-ttl-cache boolean; 451 zone-statistics ( full | terse | none | boolean ); 452 }; 453 454PLUGIN 455^^^^^^ 456 457:: 458 459 plugin ( query ) string [ { unspecified-text 460 } ]; 461 462SERVER 463^^^^^^ 464 465:: 466 467 server netprefix { 468 bogus boolean; 469 edns boolean; 470 edns-udp-size integer; 471 edns-version integer; 472 keys server_key; 473 max-udp-size integer; 474 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 475 dscp integer ]; 476 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 477 [ dscp integer ]; 478 padding integer; 479 provide-ixfr boolean; 480 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 481 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 482 port ( integer | * ) ) ) [ dscp integer ]; 483 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 484 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 485 port ( integer | * ) ) ) [ dscp integer ]; 486 request-expire boolean; 487 request-ixfr boolean; 488 request-nsid boolean; 489 send-cookie boolean; 490 tcp-keepalive boolean; 491 tcp-only boolean; 492 transfer-format ( many-answers | one-answer ); 493 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 494 dscp integer ]; 495 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 496 ] [ dscp integer ]; 497 transfers integer; 498 }; 499 500STATISTICS-CHANNELS 501^^^^^^^^^^^^^^^^^^^ 502 503:: 504 505 statistics-channels { 506 inet ( ipv4_address | ipv6_address | 507 * ) [ port ( integer | * ) ] [ 508 allow { address_match_element; ... 509 } ]; 510 }; 511 512TRUST-ANCHORS 513^^^^^^^^^^^^^ 514 515:: 516 517 trust-anchors { string ( static-key | 518 initial-key | static-ds | initial-ds ) 519 integer integer integer 520 quoted_string; ... }; 521 522TRUSTED-KEYS 523^^^^^^^^^^^^ 524 525Deprecated - see DNSSEC-KEYS. 526 527:: 528 529 trusted-keys { string integer 530 integer integer 531 quoted_string; ... };, deprecated 532 533VIEW 534^^^^ 535 536:: 537 538 view string [ class ] { 539 allow-new-zones boolean; 540 allow-notify { address_match_element; ... }; 541 allow-query { address_match_element; ... }; 542 allow-query-cache { address_match_element; ... }; 543 allow-query-cache-on { address_match_element; ... }; 544 allow-query-on { address_match_element; ... }; 545 allow-recursion { address_match_element; ... }; 546 allow-recursion-on { address_match_element; ... }; 547 allow-transfer { address_match_element; ... }; 548 allow-update { address_match_element; ... }; 549 allow-update-forwarding { address_match_element; ... }; 550 also-notify [ port integer ] [ dscp integer ] { ( masters | 551 ipv4_address [ port integer ] | ipv6_address [ port 552 integer ] ) [ key string ]; ... }; 553 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 554 ] [ dscp integer ]; 555 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 556 * ) ] [ dscp integer ]; 557 attach-cache string; 558 auth-nxdomain boolean; // default changed 559 auto-dnssec ( allow | maintain | off ); 560 catalog-zones { zone string [ default-masters [ port integer ] 561 [ dscp integer ] { ( masters | ipv4_address [ port 562 integer ] | ipv6_address [ port integer ] ) [ key 563 string ]; ... } ] [ default-primaries [ port integer ] 564 [ dscp integer ] { ( masters | ipv4_address [ port 565 integer ] | ipv6_address [ port integer ] ) [ key 566 string ]; ... } ] [ zone-directory quoted_string ] [ 567 in-memory boolean ] [ min-update-interval duration ]; ... }; 568 check-dup-records ( fail | warn | ignore ); 569 check-integrity boolean; 570 check-mx ( fail | warn | ignore ); 571 check-mx-cname ( fail | warn | ignore ); 572 check-names ( primary | master | 573 secondary | slave | response ) ( 574 fail | warn | ignore ); 575 check-sibling boolean; 576 check-spf ( warn | ignore ); 577 check-srv-cname ( fail | warn | ignore ); 578 check-wildcard boolean; 579 clients-per-query integer; 580 deny-answer-addresses { address_match_element; ... } [ 581 except-from { string; ... } ]; 582 deny-answer-aliases { string; ... } [ except-from { string; ... 583 } ]; 584 dialup ( notify | notify-passive | passive | refresh | boolean ); 585 disable-algorithms string { string; 586 ... }; 587 disable-ds-digests string { string; 588 ... }; 589 disable-empty-zone string; 590 dlz string { 591 database string; 592 search boolean; 593 }; 594 dns64 netprefix { 595 break-dnssec boolean; 596 clients { address_match_element; ... }; 597 exclude { address_match_element; ... }; 598 mapped { address_match_element; ... }; 599 recursive-only boolean; 600 suffix ipv6_address; 601 }; 602 dns64-contact string; 603 dns64-server string; 604 dnskey-sig-validity integer; 605 dnsrps-enable boolean; 606 dnsrps-options { unspecified-text }; 607 dnssec-accept-expired boolean; 608 dnssec-dnskey-kskonly boolean; 609 dnssec-loadkeys-interval integer; 610 dnssec-must-be-secure string boolean; 611 dnssec-policy string; 612 dnssec-secure-to-insecure boolean; 613 dnssec-update-mode ( maintain | no-resign ); 614 dnssec-validation ( yes | no | auto ); 615 dnstap { ( all | auth | client | forwarder | 616 resolver | update ) [ ( query | response ) ]; 617 ... }; 618 dual-stack-servers [ port integer ] { ( quoted_string [ port 619 integer ] [ dscp integer ] | ipv4_address [ port 620 integer ] [ dscp integer ] | ipv6_address [ port 621 integer ] [ dscp integer ] ); ... }; 622 dyndb string quoted_string { 623 unspecified-text }; 624 edns-udp-size integer; 625 empty-contact string; 626 empty-server string; 627 empty-zones-enable boolean; 628 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 629 fetches-per-server integer [ ( drop | fail ) ]; 630 fetches-per-zone integer [ ( drop | fail ) ]; 631 forward ( first | only ); 632 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 633 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 634 glue-cache boolean;, deprecated 635 inline-signing boolean; 636 ixfr-from-differences ( primary | master | secondary | slave | 637 boolean ); 638 key string { 639 algorithm string; 640 secret string; 641 }; 642 key-directory quoted_string; 643 lame-ttl duration; 644 lmdb-mapsize sizeval; 645 managed-keys { string ( 646 static-key | initial-key 647 | static-ds | initial-ds 648 ) integer integer 649 integer 650 quoted_string; ... };, deprecated 651 masterfile-format ( raw | text ); 652 masterfile-style ( full | relative ); 653 match-clients { address_match_element; ... }; 654 match-destinations { address_match_element; ... }; 655 match-recursive-only boolean; 656 max-cache-size ( default | unlimited | sizeval | percentage ); 657 max-cache-ttl duration; 658 max-clients-per-query integer; 659 max-ixfr-ratio ( unlimited | percentage ); 660 max-journal-size ( default | unlimited | sizeval ); 661 max-ncache-ttl duration; 662 max-records integer; 663 max-recursion-depth integer; 664 max-recursion-queries integer; 665 max-refresh-time integer; 666 max-retry-time integer; 667 max-stale-ttl duration; 668 max-transfer-idle-in integer; 669 max-transfer-idle-out integer; 670 max-transfer-time-in integer; 671 max-transfer-time-out integer; 672 max-udp-size integer; 673 max-zone-ttl ( unlimited | duration ); 674 message-compression boolean; 675 min-cache-ttl duration; 676 min-ncache-ttl duration; 677 min-refresh-time integer; 678 min-retry-time integer; 679 minimal-any boolean; 680 minimal-responses ( no-auth | no-auth-recursive | boolean ); 681 multi-master boolean; 682 new-zones-directory quoted_string; 683 no-case-compress { address_match_element; ... }; 684 nocookie-udp-size integer; 685 notify ( explicit | master-only | boolean ); 686 notify-delay integer; 687 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 688 dscp integer ]; 689 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 690 [ dscp integer ]; 691 notify-to-soa boolean; 692 nta-lifetime duration; 693 nta-recheck duration; 694 nxdomain-redirect string; 695 plugin ( query ) string [ { 696 unspecified-text } ]; 697 preferred-glue string; 698 prefetch integer [ integer ]; 699 provide-ixfr boolean; 700 qname-minimization ( strict | relaxed | disabled | off ); 701 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 702 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 703 port ( integer | * ) ) ) [ dscp integer ]; 704 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 705 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 706 port ( integer | * ) ) ) [ dscp integer ]; 707 rate-limit { 708 all-per-second integer; 709 errors-per-second integer; 710 exempt-clients { address_match_element; ... }; 711 ipv4-prefix-length integer; 712 ipv6-prefix-length integer; 713 log-only boolean; 714 max-table-size integer; 715 min-table-size integer; 716 nodata-per-second integer; 717 nxdomains-per-second integer; 718 qps-scale integer; 719 referrals-per-second integer; 720 responses-per-second integer; 721 slip integer; 722 window integer; 723 }; 724 recursion boolean; 725 request-expire boolean; 726 request-ixfr boolean; 727 request-nsid boolean; 728 require-server-cookie boolean; 729 resolver-nonbackoff-tries integer; 730 resolver-query-timeout integer; 731 resolver-retry-interval integer; 732 response-padding { address_match_element; ... } block-size 733 integer; 734 response-policy { zone string [ add-soa boolean ] [ log 735 boolean ] [ max-policy-ttl duration ] [ min-update-interval 736 duration ] [ policy ( cname | disabled | drop | given | no-op 737 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 738 recursive-only boolean ] [ nsip-enable boolean ] [ 739 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 740 break-dnssec boolean ] [ max-policy-ttl duration ] [ 741 min-update-interval duration ] [ min-ns-dots integer ] [ 742 nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean 743 ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] 744 [ nsip-enable boolean ] [ nsdname-enable boolean ] [ 745 dnsrps-enable boolean ] [ dnsrps-options { unspecified-text 746 } ]; 747 root-delegation-only [ exclude { string; ... } ]; 748 root-key-sentinel boolean; 749 rrset-order { [ class string ] [ type string ] [ name 750 quoted_string ] string string; ... }; 751 send-cookie boolean; 752 serial-update-method ( date | increment | unixtime ); 753 server netprefix { 754 bogus boolean; 755 edns boolean; 756 edns-udp-size integer; 757 edns-version integer; 758 keys server_key; 759 max-udp-size integer; 760 notify-source ( ipv4_address | * ) [ port ( integer | * 761 ) ] [ dscp integer ]; 762 notify-source-v6 ( ipv6_address | * ) [ port ( integer 763 | * ) ] [ dscp integer ]; 764 padding integer; 765 provide-ixfr boolean; 766 query-source ( ( [ address ] ( ipv4_address | * ) [ port 767 ( integer | * ) ] ) | ( [ [ address ] ( 768 ipv4_address | * ) ] port ( integer | * ) ) ) [ 769 dscp integer ]; 770 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ 771 port ( integer | * ) ] ) | ( [ [ address ] ( 772 ipv6_address | * ) ] port ( integer | * ) ) ) [ 773 dscp integer ]; 774 request-expire boolean; 775 request-ixfr boolean; 776 request-nsid boolean; 777 send-cookie boolean; 778 tcp-keepalive boolean; 779 tcp-only boolean; 780 transfer-format ( many-answers | one-answer ); 781 transfer-source ( ipv4_address | * ) [ port ( integer | 782 * ) ] [ dscp integer ]; 783 transfer-source-v6 ( ipv6_address | * ) [ port ( 784 integer | * ) ] [ dscp integer ]; 785 transfers integer; 786 }; 787 servfail-ttl duration; 788 sig-signing-nodes integer; 789 sig-signing-signatures integer; 790 sig-signing-type integer; 791 sig-validity-interval integer [ integer ]; 792 sortlist { address_match_element; ... }; 793 stale-answer-enable boolean; 794 stale-answer-ttl duration; 795 synth-from-dnssec boolean; 796 transfer-format ( many-answers | one-answer ); 797 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 798 dscp integer ]; 799 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 800 ] [ dscp integer ]; 801 trust-anchor-telemetry boolean; // experimental 802 trust-anchors { string ( static-key | 803 initial-key | static-ds | initial-ds 804 ) integer integer integer 805 quoted_string; ... }; 806 trusted-keys { string 807 integer integer 808 integer 809 quoted_string; ... };, deprecated 810 try-tcp-refresh boolean; 811 update-check-ksk boolean; 812 use-alt-transfer-source boolean; 813 v6-bias integer; 814 validate-except { string; ... }; 815 zero-no-soa-ttl boolean; 816 zero-no-soa-ttl-cache boolean; 817 zone string [ class ] { 818 allow-notify { address_match_element; ... }; 819 allow-query { address_match_element; ... }; 820 allow-query-on { address_match_element; ... }; 821 allow-transfer { address_match_element; ... }; 822 allow-update { address_match_element; ... }; 823 allow-update-forwarding { address_match_element; ... }; 824 also-notify [ port integer ] [ dscp integer ] { ( 825 masters | ipv4_address [ port integer ] | 826 ipv6_address [ port integer ] ) [ key string ]; 827 ... }; 828 alt-transfer-source ( ipv4_address | * ) [ port ( 829 integer | * ) ] [ dscp integer ]; 830 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( 831 integer | * ) ] [ dscp integer ]; 832 auto-dnssec ( allow | maintain | off ); 833 check-dup-records ( fail | warn | ignore ); 834 check-integrity boolean; 835 check-mx ( fail | warn | ignore ); 836 check-mx-cname ( fail | warn | ignore ); 837 check-names ( fail | warn | ignore ); 838 check-sibling boolean; 839 check-spf ( warn | ignore ); 840 check-srv-cname ( fail | warn | ignore ); 841 check-wildcard boolean; 842 database string; 843 delegation-only boolean; 844 dialup ( notify | notify-passive | passive | refresh | 845 boolean ); 846 dlz string; 847 dnskey-sig-validity integer; 848 dnssec-dnskey-kskonly boolean; 849 dnssec-loadkeys-interval integer; 850 dnssec-policy string; 851 dnssec-secure-to-insecure boolean; 852 dnssec-update-mode ( maintain | no-resign ); 853 file quoted_string; 854 forward ( first | only ); 855 forwarders [ port integer ] [ dscp integer ] { ( 856 ipv4_address | ipv6_address ) [ port integer ] [ 857 dscp integer ]; ... }; 858 in-view string; 859 inline-signing boolean; 860 ixfr-from-differences boolean; 861 journal quoted_string; 862 key-directory quoted_string; 863 masterfile-format ( raw | text ); 864 masterfile-style ( full | relative ); 865 masters [ port integer ] [ dscp integer ] { ( masters 866 | ipv4_address [ port integer ] | ipv6_address [ 867 port integer ] ) [ key string ]; ... }; 868 max-ixfr-ratio ( unlimited | percentage ); 869 max-journal-size ( default | unlimited | sizeval ); 870 max-records integer; 871 max-refresh-time integer; 872 max-retry-time integer; 873 max-transfer-idle-in integer; 874 max-transfer-idle-out integer; 875 max-transfer-time-in integer; 876 max-transfer-time-out integer; 877 max-zone-ttl ( unlimited | duration ); 878 min-refresh-time integer; 879 min-retry-time integer; 880 multi-master boolean; 881 notify ( explicit | master-only | boolean ); 882 notify-delay integer; 883 notify-source ( ipv4_address | * ) [ port ( integer | * 884 ) ] [ dscp integer ]; 885 notify-source-v6 ( ipv6_address | * ) [ port ( integer 886 | * ) ] [ dscp integer ]; 887 notify-to-soa boolean; 888 request-expire boolean; 889 request-ixfr boolean; 890 serial-update-method ( date | increment | unixtime ); 891 server-addresses { ( ipv4_address | ipv6_address ); ... }; 892 server-names { string; ... }; 893 sig-signing-nodes integer; 894 sig-signing-signatures integer; 895 sig-signing-type integer; 896 sig-validity-interval integer [ integer ]; 897 transfer-source ( ipv4_address | * ) [ port ( integer | 898 * ) ] [ dscp integer ]; 899 transfer-source-v6 ( ipv6_address | * ) [ port ( 900 integer | * ) ] [ dscp integer ]; 901 try-tcp-refresh boolean; 902 type ( primary | master | secondary | slave | mirror | 903 delegation-only | forward | hint | redirect | 904 static-stub | stub ); 905 update-check-ksk boolean; 906 update-policy ( local | { ( deny | grant ) string ( 907 6to4-self | external | krb5-self | krb5-selfsub | 908 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 909 name | self | selfsub | selfwild | subdomain | tcp-self 910 | wildcard | zonesub ) [ string ] rrtypelist; ... }; 911 use-alt-transfer-source boolean; 912 zero-no-soa-ttl boolean; 913 zone-statistics ( full | terse | none | boolean ); 914 }; 915 zone-statistics ( full | terse | none | boolean ); 916 }; 917 918ZONE 919^^^^ 920 921:: 922 923 zone string [ class ] { 924 allow-notify { address_match_element; ... }; 925 allow-query { address_match_element; ... }; 926 allow-query-on { address_match_element; ... }; 927 allow-transfer { address_match_element; ... }; 928 allow-update { address_match_element; ... }; 929 allow-update-forwarding { address_match_element; ... }; 930 also-notify [ port integer ] [ dscp integer ] { ( masters | 931 ipv4_address [ port integer ] | ipv6_address [ port 932 integer ] ) [ key string ]; ... }; 933 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 934 ] [ dscp integer ]; 935 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 936 * ) ] [ dscp integer ]; 937 auto-dnssec ( allow | maintain | off ); 938 check-dup-records ( fail | warn | ignore ); 939 check-integrity boolean; 940 check-mx ( fail | warn | ignore ); 941 check-mx-cname ( fail | warn | ignore ); 942 check-names ( fail | warn | ignore ); 943 check-sibling boolean; 944 check-spf ( warn | ignore ); 945 check-srv-cname ( fail | warn | ignore ); 946 check-wildcard boolean; 947 database string; 948 delegation-only boolean; 949 dialup ( notify | notify-passive | passive | refresh | boolean ); 950 dlz string; 951 dnskey-sig-validity integer; 952 dnssec-dnskey-kskonly boolean; 953 dnssec-loadkeys-interval integer; 954 dnssec-policy string; 955 dnssec-secure-to-insecure boolean; 956 dnssec-update-mode ( maintain | no-resign ); 957 file quoted_string; 958 forward ( first | only ); 959 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 960 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 961 in-view string; 962 inline-signing boolean; 963 ixfr-from-differences boolean; 964 journal quoted_string; 965 key-directory quoted_string; 966 masterfile-format ( raw | text ); 967 masterfile-style ( full | relative ); 968 masters [ port integer ] [ dscp integer ] { ( masters | 969 ipv4_address [ port integer ] | ipv6_address [ port 970 integer ] ) [ key string ]; ... }; 971 max-ixfr-ratio ( unlimited | percentage ); 972 max-journal-size ( default | unlimited | sizeval ); 973 max-records integer; 974 max-refresh-time integer; 975 max-retry-time integer; 976 max-transfer-idle-in integer; 977 max-transfer-idle-out integer; 978 max-transfer-time-in integer; 979 max-transfer-time-out integer; 980 max-zone-ttl ( unlimited | duration ); 981 min-refresh-time integer; 982 min-retry-time integer; 983 multi-master boolean; 984 notify ( explicit | master-only | boolean ); 985 notify-delay integer; 986 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 987 dscp integer ]; 988 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 989 [ dscp integer ]; 990 notify-to-soa boolean; 991 request-expire boolean; 992 request-ixfr boolean; 993 serial-update-method ( date | increment | unixtime ); 994 server-addresses { ( ipv4_address | ipv6_address ); ... }; 995 server-names { string; ... }; 996 sig-signing-nodes integer; 997 sig-signing-signatures integer; 998 sig-signing-type integer; 999 sig-validity-interval integer [ integer ]; 1000 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 1001 dscp integer ]; 1002 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 1003 ] [ dscp integer ]; 1004 try-tcp-refresh boolean; 1005 type ( primary | master | secondary | slave | mirror | 1006 delegation-only | forward | hint | redirect | static-stub | 1007 stub ); 1008 update-check-ksk boolean; 1009 update-policy ( local | { ( deny | grant ) string ( 6to4-self | 1010 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 1011 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 1012 | subdomain | tcp-self | wildcard | zonesub ) [ string ] 1013 rrtypelist; ... }; 1014 use-alt-transfer-source boolean; 1015 zero-no-soa-ttl boolean; 1016 zone-statistics ( full | terse | none | boolean ); 1017 }; 1018 1019Files 1020~~~~~ 1021 1022``/etc/named.conf`` 1023 1024See Also 1025~~~~~~~~ 1026 1027:manpage:`tsig-keygen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual. 1028 1029