1.. 2 Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 4 This Source Code Form is subject to the terms of the Mozilla Public 5 License, v. 2.0. If a copy of the MPL was not distributed with this 6 file, You can obtain one at http://mozilla.org/MPL/2.0/. 7 8 See the COPYRIGHT file distributed with this work for additional 9 information regarding copyright ownership. 10 11.. highlight: console 12 13named.conf - configuration file for **named** 14--------------------------------------------- 15 16Synopsis 17~~~~~~~~ 18 19:program:`named.conf` 20 21Description 22~~~~~~~~~~~ 23 24``named.conf`` is the configuration file for ``named``. Statements are 25enclosed in braces and terminated with a semi-colon. Clauses in the 26statements are also semi-colon terminated. The usual comment styles are 27supported: 28 29C style: /\* \*/ 30 31 C++ style: // to end of line 32 33Unix style: # to end of line 34 35ACL 36^^^ 37 38:: 39 40 acl string { address_match_element; ... }; 41 42CONTROLS 43^^^^^^^^ 44 45:: 46 47 controls { 48 inet ( ipv4_address | ipv6_address | 49 * ) [ port ( integer | * ) ] allow 50 { address_match_element; ... } [ 51 keys { string; ... } ] [ read-only 52 boolean ]; 53 unix quoted_string perm integer 54 owner integer group integer [ 55 keys { string; ... } ] [ read-only 56 boolean ]; 57 }; 58 59DLZ 60^^^ 61 62:: 63 64 dlz string { 65 database string; 66 search boolean; 67 }; 68 69DNSSEC-POLICY 70^^^^^^^^^^^^^ 71 72:: 73 74 dnssec-policy string { 75 dnskey-ttl duration; 76 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 77 duration_or_unlimited algorithm string [ integer ]; ... }; 78 max-zone-ttl duration; 79 parent-ds-ttl duration; 80 parent-propagation-delay duration; 81 parent-registration-delay duration; 82 publish-safety duration; 83 retire-safety duration; 84 signatures-refresh duration; 85 signatures-validity duration; 86 signatures-validity-dnskey duration; 87 zone-propagation-delay duration; 88 }; 89 90DYNDB 91^^^^^ 92 93:: 94 95 dyndb string quoted_string { 96 unspecified-text }; 97 98KEY 99^^^ 100 101:: 102 103 key string { 104 algorithm string; 105 secret string; 106 }; 107 108LOGGING 109^^^^^^^ 110 111:: 112 113 logging { 114 category string { string; ... }; 115 channel string { 116 buffered boolean; 117 file quoted_string [ versions ( unlimited | integer ) ] 118 [ size size ] [ suffix ( increment | timestamp ) ]; 119 null; 120 print-category boolean; 121 print-severity boolean; 122 print-time ( iso8601 | iso8601-utc | local | boolean ); 123 severity log_severity; 124 stderr; 125 syslog [ syslog_facility ]; 126 }; 127 }; 128 129MANAGED-KEYS 130^^^^^^^^^^^^ 131 132See DNSSEC-KEYS. 133 134:: 135 136 managed-keys { string ( static-key 137 | initial-key | static-ds | 138 initial-ds ) integer integer 139 integer quoted_string; ... };, deprecated 140 141MASTERS 142^^^^^^^ 143 144:: 145 146 masters string [ port integer ] [ dscp 147 integer ] { ( masters | ipv4_address [ 148 port integer ] | ipv6_address [ port 149 integer ] ) [ key string ]; ... }; 150 151OPTIONS 152^^^^^^^ 153 154:: 155 156 options { 157 allow-new-zones boolean; 158 allow-notify { address_match_element; ... }; 159 allow-query { address_match_element; ... }; 160 allow-query-cache { address_match_element; ... }; 161 allow-query-cache-on { address_match_element; ... }; 162 allow-query-on { address_match_element; ... }; 163 allow-recursion { address_match_element; ... }; 164 allow-recursion-on { address_match_element; ... }; 165 allow-transfer { address_match_element; ... }; 166 allow-update { address_match_element; ... }; 167 allow-update-forwarding { address_match_element; ... }; 168 also-notify [ port integer ] [ dscp integer ] { ( masters | 169 ipv4_address [ port integer ] | ipv6_address [ port 170 integer ] ) [ key string ]; ... }; 171 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 172 ] [ dscp integer ]; 173 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 174 * ) ] [ dscp integer ]; 175 answer-cookie boolean; 176 attach-cache string; 177 auth-nxdomain boolean; // default changed 178 auto-dnssec ( allow | maintain | off ); 179 automatic-interface-scan boolean; 180 avoid-v4-udp-ports { portrange; ... }; 181 avoid-v6-udp-ports { portrange; ... }; 182 bindkeys-file quoted_string; 183 blackhole { address_match_element; ... }; 184 cache-file quoted_string; 185 catalog-zones { zone string [ default-masters [ port integer ] 186 [ dscp integer ] { ( masters | ipv4_address [ port 187 integer ] | ipv6_address [ port integer ] ) [ key 188 string ]; ... } ] [ zone-directory quoted_string ] [ 189 in-memory boolean ] [ min-update-interval duration ]; ... }; 190 check-dup-records ( fail | warn | ignore ); 191 check-integrity boolean; 192 check-mx ( fail | warn | ignore ); 193 check-mx-cname ( fail | warn | ignore ); 194 check-names ( primary | master | 195 secondary | slave | response ) ( 196 fail | warn | ignore ); 197 check-sibling boolean; 198 check-spf ( warn | ignore ); 199 check-srv-cname ( fail | warn | ignore ); 200 check-wildcard boolean; 201 clients-per-query integer; 202 cookie-algorithm ( aes | siphash24 ); 203 cookie-secret string; 204 coresize ( default | unlimited | sizeval ); 205 datasize ( default | unlimited | sizeval ); 206 deny-answer-addresses { address_match_element; ... } [ 207 except-from { string; ... } ]; 208 deny-answer-aliases { string; ... } [ except-from { string; ... 209 } ]; 210 dialup ( notify | notify-passive | passive | refresh | boolean ); 211 directory quoted_string; 212 disable-algorithms string { string; 213 ... }; 214 disable-ds-digests string { string; 215 ... }; 216 disable-empty-zone string; 217 dns64 netprefix { 218 break-dnssec boolean; 219 clients { address_match_element; ... }; 220 exclude { address_match_element; ... }; 221 mapped { address_match_element; ... }; 222 recursive-only boolean; 223 suffix ipv6_address; 224 }; 225 dns64-contact string; 226 dns64-server string; 227 dnskey-sig-validity integer; 228 dnsrps-enable boolean; 229 dnsrps-options { unspecified-text }; 230 dnssec-accept-expired boolean; 231 dnssec-dnskey-kskonly boolean; 232 dnssec-loadkeys-interval integer; 233 dnssec-must-be-secure string boolean; 234 dnssec-policy string; 235 dnssec-secure-to-insecure boolean; 236 dnssec-update-mode ( maintain | no-resign ); 237 dnssec-validation ( yes | no | auto ); 238 dnstap { ( all | auth | client | forwarder | 239 resolver | update ) [ ( query | response ) ]; 240 ... }; 241 dnstap-identity ( quoted_string | none | 242 hostname ); 243 dnstap-output ( file | unix ) quoted_string [ 244 size ( unlimited | size ) ] [ versions ( 245 unlimited | integer ) ] [ suffix ( increment 246 | timestamp ) ]; 247 dnstap-version ( quoted_string | none ); 248 dscp integer; 249 dual-stack-servers [ port integer ] { ( quoted_string [ port 250 integer ] [ dscp integer ] | ipv4_address [ port 251 integer ] [ dscp integer ] | ipv6_address [ port 252 integer ] [ dscp integer ] ); ... }; 253 dump-file quoted_string; 254 edns-udp-size integer; 255 empty-contact string; 256 empty-server string; 257 empty-zones-enable boolean; 258 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 259 fetches-per-server integer [ ( drop | fail ) ]; 260 fetches-per-zone integer [ ( drop | fail ) ]; 261 files ( default | unlimited | sizeval ); 262 flush-zones-on-shutdown boolean; 263 forward ( first | only ); 264 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 265 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 266 fstrm-set-buffer-hint integer; 267 fstrm-set-flush-timeout integer; 268 fstrm-set-input-queue-size integer; 269 fstrm-set-output-notify-threshold integer; 270 fstrm-set-output-queue-model ( mpsc | spsc ); 271 fstrm-set-output-queue-size integer; 272 fstrm-set-reopen-interval duration; 273 geoip-directory ( quoted_string | none ); 274 glue-cache boolean; 275 heartbeat-interval integer; 276 hostname ( quoted_string | none ); 277 inline-signing boolean; 278 interface-interval duration; 279 ixfr-from-differences ( primary | master | secondary | slave | 280 boolean ); 281 keep-response-order { address_match_element; ... }; 282 key-directory quoted_string; 283 lame-ttl duration; 284 listen-on [ port integer ] [ dscp 285 integer ] { 286 address_match_element; ... }; 287 listen-on-v6 [ port integer ] [ dscp 288 integer ] { 289 address_match_element; ... }; 290 lmdb-mapsize sizeval; 291 lock-file ( quoted_string | none ); 292 managed-keys-directory quoted_string; 293 masterfile-format ( map | raw | text ); 294 masterfile-style ( full | relative ); 295 match-mapped-addresses boolean; 296 max-cache-size ( default | unlimited | sizeval | percentage ); 297 max-cache-ttl duration; 298 max-clients-per-query integer; 299 max-journal-size ( default | unlimited | sizeval ); 300 max-ncache-ttl duration; 301 max-records integer; 302 max-recursion-depth integer; 303 max-recursion-queries integer; 304 max-refresh-time integer; 305 max-retry-time integer; 306 max-rsa-exponent-size integer; 307 max-stale-ttl duration; 308 max-transfer-idle-in integer; 309 max-transfer-idle-out integer; 310 max-transfer-time-in integer; 311 max-transfer-time-out integer; 312 max-udp-size integer; 313 max-zone-ttl ( unlimited | duration ); 314 memstatistics boolean; 315 memstatistics-file quoted_string; 316 message-compression boolean; 317 min-cache-ttl duration; 318 min-ncache-ttl duration; 319 min-refresh-time integer; 320 min-retry-time integer; 321 minimal-any boolean; 322 minimal-responses ( no-auth | no-auth-recursive | boolean ); 323 multi-master boolean; 324 new-zones-directory quoted_string; 325 no-case-compress { address_match_element; ... }; 326 nocookie-udp-size integer; 327 notify ( explicit | master-only | boolean ); 328 notify-delay integer; 329 notify-rate integer; 330 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 331 dscp integer ]; 332 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 333 [ dscp integer ]; 334 notify-to-soa boolean; 335 nta-lifetime duration; 336 nta-recheck duration; 337 nxdomain-redirect string; 338 pid-file ( quoted_string | none ); 339 port integer; 340 preferred-glue string; 341 prefetch integer [ integer ]; 342 provide-ixfr boolean; 343 qname-minimization ( strict | relaxed | disabled | off ); 344 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 345 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 346 port ( integer | * ) ) ) [ dscp integer ]; 347 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 348 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 349 port ( integer | * ) ) ) [ dscp integer ]; 350 querylog boolean; 351 random-device ( quoted_string | none ); 352 rate-limit { 353 all-per-second integer; 354 errors-per-second integer; 355 exempt-clients { address_match_element; ... }; 356 ipv4-prefix-length integer; 357 ipv6-prefix-length integer; 358 log-only boolean; 359 max-table-size integer; 360 min-table-size integer; 361 nodata-per-second integer; 362 nxdomains-per-second integer; 363 qps-scale integer; 364 referrals-per-second integer; 365 responses-per-second integer; 366 slip integer; 367 window integer; 368 }; 369 recursing-file quoted_string; 370 recursion boolean; 371 recursive-clients integer; 372 request-expire boolean; 373 request-ixfr boolean; 374 request-nsid boolean; 375 require-server-cookie boolean; 376 reserved-sockets integer; 377 resolver-nonbackoff-tries integer; 378 resolver-query-timeout integer; 379 resolver-retry-interval integer; 380 response-padding { address_match_element; ... } block-size 381 integer; 382 response-policy { zone string [ add-soa boolean ] [ log 383 boolean ] [ max-policy-ttl duration ] [ min-update-interval 384 duration ] [ policy ( cname | disabled | drop | given | no-op 385 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 386 recursive-only boolean ] [ nsip-enable boolean ] [ 387 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 388 break-dnssec boolean ] [ max-policy-ttl duration ] [ 389 min-update-interval duration ] [ min-ns-dots integer ] [ 390 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] 391 [ recursive-only boolean ] [ nsip-enable boolean ] [ 392 nsdname-enable boolean ] [ dnsrps-enable boolean ] [ 393 dnsrps-options { unspecified-text } ]; 394 root-delegation-only [ exclude { string; ... } ]; 395 root-key-sentinel boolean; 396 rrset-order { [ class string ] [ type string ] [ name 397 quoted_string ] string string; ... }; 398 secroots-file quoted_string; 399 send-cookie boolean; 400 serial-query-rate integer; 401 serial-update-method ( date | increment | unixtime ); 402 server-id ( quoted_string | none | hostname ); 403 servfail-ttl duration; 404 session-keyalg string; 405 session-keyfile ( quoted_string | none ); 406 session-keyname string; 407 sig-signing-nodes integer; 408 sig-signing-signatures integer; 409 sig-signing-type integer; 410 sig-validity-interval integer [ integer ]; 411 sortlist { address_match_element; ... }; 412 stacksize ( default | unlimited | sizeval ); 413 stale-answer-enable boolean; 414 stale-answer-ttl duration; 415 startup-notify-rate integer; 416 statistics-file quoted_string; 417 synth-from-dnssec boolean; 418 tcp-advertised-timeout integer; 419 tcp-clients integer; 420 tcp-idle-timeout integer; 421 tcp-initial-timeout integer; 422 tcp-keepalive-timeout integer; 423 tcp-listen-queue integer; 424 tkey-dhkey quoted_string integer; 425 tkey-domain quoted_string; 426 tkey-gssapi-credential quoted_string; 427 tkey-gssapi-keytab quoted_string; 428 transfer-format ( many-answers | one-answer ); 429 transfer-message-size integer; 430 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 431 dscp integer ]; 432 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 433 ] [ dscp integer ]; 434 transfers-in integer; 435 transfers-out integer; 436 transfers-per-ns integer; 437 trust-anchor-telemetry boolean; // experimental 438 try-tcp-refresh boolean; 439 update-check-ksk boolean; 440 use-alt-transfer-source boolean; 441 use-v4-udp-ports { portrange; ... }; 442 use-v6-udp-ports { portrange; ... }; 443 v6-bias integer; 444 validate-except { string; ... }; 445 version ( quoted_string | none ); 446 zero-no-soa-ttl boolean; 447 zero-no-soa-ttl-cache boolean; 448 zone-statistics ( full | terse | none | boolean ); 449 }; 450 451PLUGIN 452^^^^^^ 453 454:: 455 456 plugin ( query ) string [ { unspecified-text 457 } ]; 458 459SERVER 460^^^^^^ 461 462:: 463 464 server netprefix { 465 bogus boolean; 466 edns boolean; 467 edns-udp-size integer; 468 edns-version integer; 469 keys server_key; 470 max-udp-size integer; 471 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 472 dscp integer ]; 473 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 474 [ dscp integer ]; 475 padding integer; 476 provide-ixfr boolean; 477 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 478 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 479 port ( integer | * ) ) ) [ dscp integer ]; 480 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 481 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 482 port ( integer | * ) ) ) [ dscp integer ]; 483 request-expire boolean; 484 request-ixfr boolean; 485 request-nsid boolean; 486 send-cookie boolean; 487 tcp-keepalive boolean; 488 tcp-only boolean; 489 transfer-format ( many-answers | one-answer ); 490 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 491 dscp integer ]; 492 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 493 ] [ dscp integer ]; 494 transfers integer; 495 }; 496 497STATISTICS-CHANNELS 498^^^^^^^^^^^^^^^^^^^ 499 500:: 501 502 statistics-channels { 503 inet ( ipv4_address | ipv6_address | 504 * ) [ port ( integer | * ) ] [ 505 allow { address_match_element; ... 506 } ]; 507 }; 508 509TRUST-ANCHORS 510^^^^^^^^^^^^^ 511 512:: 513 514 trust-anchors { string ( static-key | 515 initial-key | static-ds | initial-ds ) 516 integer integer integer 517 quoted_string; ... }; 518 519TRUSTED-KEYS 520^^^^^^^^^^^^ 521 522Deprecated - see DNSSEC-KEYS. 523 524:: 525 526 trusted-keys { string integer 527 integer integer 528 quoted_string; ... };, deprecated 529 530VIEW 531^^^^ 532 533:: 534 535 view string [ class ] { 536 allow-new-zones boolean; 537 allow-notify { address_match_element; ... }; 538 allow-query { address_match_element; ... }; 539 allow-query-cache { address_match_element; ... }; 540 allow-query-cache-on { address_match_element; ... }; 541 allow-query-on { address_match_element; ... }; 542 allow-recursion { address_match_element; ... }; 543 allow-recursion-on { address_match_element; ... }; 544 allow-transfer { address_match_element; ... }; 545 allow-update { address_match_element; ... }; 546 allow-update-forwarding { address_match_element; ... }; 547 also-notify [ port integer ] [ dscp integer ] { ( masters | 548 ipv4_address [ port integer ] | ipv6_address [ port 549 integer ] ) [ key string ]; ... }; 550 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 551 ] [ dscp integer ]; 552 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 553 * ) ] [ dscp integer ]; 554 attach-cache string; 555 auth-nxdomain boolean; // default changed 556 auto-dnssec ( allow | maintain | off ); 557 cache-file quoted_string; 558 catalog-zones { zone string [ default-masters [ port integer ] 559 [ dscp integer ] { ( masters | ipv4_address [ port 560 integer ] | ipv6_address [ port integer ] ) [ key 561 string ]; ... } ] [ zone-directory quoted_string ] [ 562 in-memory boolean ] [ min-update-interval duration ]; ... }; 563 check-dup-records ( fail | warn | ignore ); 564 check-integrity boolean; 565 check-mx ( fail | warn | ignore ); 566 check-mx-cname ( fail | warn | ignore ); 567 check-names ( primary | master | 568 secondary | slave | response ) ( 569 fail | warn | ignore ); 570 check-sibling boolean; 571 check-spf ( warn | ignore ); 572 check-srv-cname ( fail | warn | ignore ); 573 check-wildcard boolean; 574 clients-per-query integer; 575 deny-answer-addresses { address_match_element; ... } [ 576 except-from { string; ... } ]; 577 deny-answer-aliases { string; ... } [ except-from { string; ... 578 } ]; 579 dialup ( notify | notify-passive | passive | refresh | boolean ); 580 disable-algorithms string { string; 581 ... }; 582 disable-ds-digests string { string; 583 ... }; 584 disable-empty-zone string; 585 dlz string { 586 database string; 587 search boolean; 588 }; 589 dns64 netprefix { 590 break-dnssec boolean; 591 clients { address_match_element; ... }; 592 exclude { address_match_element; ... }; 593 mapped { address_match_element; ... }; 594 recursive-only boolean; 595 suffix ipv6_address; 596 }; 597 dns64-contact string; 598 dns64-server string; 599 dnskey-sig-validity integer; 600 dnsrps-enable boolean; 601 dnsrps-options { unspecified-text }; 602 dnssec-accept-expired boolean; 603 dnssec-dnskey-kskonly boolean; 604 dnssec-loadkeys-interval integer; 605 dnssec-must-be-secure string boolean; 606 dnssec-policy string; 607 dnssec-secure-to-insecure boolean; 608 dnssec-update-mode ( maintain | no-resign ); 609 dnssec-validation ( yes | no | auto ); 610 dnstap { ( all | auth | client | forwarder | 611 resolver | update ) [ ( query | response ) ]; 612 ... }; 613 dual-stack-servers [ port integer ] { ( quoted_string [ port 614 integer ] [ dscp integer ] | ipv4_address [ port 615 integer ] [ dscp integer ] | ipv6_address [ port 616 integer ] [ dscp integer ] ); ... }; 617 dyndb string quoted_string { 618 unspecified-text }; 619 edns-udp-size integer; 620 empty-contact string; 621 empty-server string; 622 empty-zones-enable boolean; 623 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 624 fetches-per-server integer [ ( drop | fail ) ]; 625 fetches-per-zone integer [ ( drop | fail ) ]; 626 forward ( first | only ); 627 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 628 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 629 glue-cache boolean; 630 inline-signing boolean; 631 ixfr-from-differences ( primary | master | secondary | slave | 632 boolean ); 633 key string { 634 algorithm string; 635 secret string; 636 }; 637 key-directory quoted_string; 638 lame-ttl duration; 639 lmdb-mapsize sizeval; 640 managed-keys { string ( 641 static-key | initial-key 642 | static-ds | initial-ds 643 ) integer integer 644 integer 645 quoted_string; ... };, deprecated 646 masterfile-format ( map | raw | text ); 647 masterfile-style ( full | relative ); 648 match-clients { address_match_element; ... }; 649 match-destinations { address_match_element; ... }; 650 match-recursive-only boolean; 651 max-cache-size ( default | unlimited | sizeval | percentage ); 652 max-cache-ttl duration; 653 max-clients-per-query integer; 654 max-journal-size ( default | unlimited | sizeval ); 655 max-ncache-ttl duration; 656 max-records integer; 657 max-recursion-depth integer; 658 max-recursion-queries integer; 659 max-refresh-time integer; 660 max-retry-time integer; 661 max-stale-ttl duration; 662 max-transfer-idle-in integer; 663 max-transfer-idle-out integer; 664 max-transfer-time-in integer; 665 max-transfer-time-out integer; 666 max-udp-size integer; 667 max-zone-ttl ( unlimited | duration ); 668 message-compression boolean; 669 min-cache-ttl duration; 670 min-ncache-ttl duration; 671 min-refresh-time integer; 672 min-retry-time integer; 673 minimal-any boolean; 674 minimal-responses ( no-auth | no-auth-recursive | boolean ); 675 multi-master boolean; 676 new-zones-directory quoted_string; 677 no-case-compress { address_match_element; ... }; 678 nocookie-udp-size integer; 679 notify ( explicit | master-only | boolean ); 680 notify-delay integer; 681 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 682 dscp integer ]; 683 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 684 [ dscp integer ]; 685 notify-to-soa boolean; 686 nta-lifetime duration; 687 nta-recheck duration; 688 nxdomain-redirect string; 689 plugin ( query ) string [ { 690 unspecified-text } ]; 691 preferred-glue string; 692 prefetch integer [ integer ]; 693 provide-ixfr boolean; 694 qname-minimization ( strict | relaxed | disabled | off ); 695 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 696 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 697 port ( integer | * ) ) ) [ dscp integer ]; 698 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 699 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 700 port ( integer | * ) ) ) [ dscp integer ]; 701 rate-limit { 702 all-per-second integer; 703 errors-per-second integer; 704 exempt-clients { address_match_element; ... }; 705 ipv4-prefix-length integer; 706 ipv6-prefix-length integer; 707 log-only boolean; 708 max-table-size integer; 709 min-table-size integer; 710 nodata-per-second integer; 711 nxdomains-per-second integer; 712 qps-scale integer; 713 referrals-per-second integer; 714 responses-per-second integer; 715 slip integer; 716 window integer; 717 }; 718 recursion boolean; 719 request-expire boolean; 720 request-ixfr boolean; 721 request-nsid boolean; 722 require-server-cookie boolean; 723 resolver-nonbackoff-tries integer; 724 resolver-query-timeout integer; 725 resolver-retry-interval integer; 726 response-padding { address_match_element; ... } block-size 727 integer; 728 response-policy { zone string [ add-soa boolean ] [ log 729 boolean ] [ max-policy-ttl duration ] [ min-update-interval 730 duration ] [ policy ( cname | disabled | drop | given | no-op 731 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 732 recursive-only boolean ] [ nsip-enable boolean ] [ 733 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 734 break-dnssec boolean ] [ max-policy-ttl duration ] [ 735 min-update-interval duration ] [ min-ns-dots integer ] [ 736 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] 737 [ recursive-only boolean ] [ nsip-enable boolean ] [ 738 nsdname-enable boolean ] [ dnsrps-enable boolean ] [ 739 dnsrps-options { unspecified-text } ]; 740 root-delegation-only [ exclude { string; ... } ]; 741 root-key-sentinel boolean; 742 rrset-order { [ class string ] [ type string ] [ name 743 quoted_string ] string string; ... }; 744 send-cookie boolean; 745 serial-update-method ( date | increment | unixtime ); 746 server netprefix { 747 bogus boolean; 748 edns boolean; 749 edns-udp-size integer; 750 edns-version integer; 751 keys server_key; 752 max-udp-size integer; 753 notify-source ( ipv4_address | * ) [ port ( integer | * 754 ) ] [ dscp integer ]; 755 notify-source-v6 ( ipv6_address | * ) [ port ( integer 756 | * ) ] [ dscp integer ]; 757 padding integer; 758 provide-ixfr boolean; 759 query-source ( ( [ address ] ( ipv4_address | * ) [ port 760 ( integer | * ) ] ) | ( [ [ address ] ( 761 ipv4_address | * ) ] port ( integer | * ) ) ) [ 762 dscp integer ]; 763 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ 764 port ( integer | * ) ] ) | ( [ [ address ] ( 765 ipv6_address | * ) ] port ( integer | * ) ) ) [ 766 dscp integer ]; 767 request-expire boolean; 768 request-ixfr boolean; 769 request-nsid boolean; 770 send-cookie boolean; 771 tcp-keepalive boolean; 772 tcp-only boolean; 773 transfer-format ( many-answers | one-answer ); 774 transfer-source ( ipv4_address | * ) [ port ( integer | 775 * ) ] [ dscp integer ]; 776 transfer-source-v6 ( ipv6_address | * ) [ port ( 777 integer | * ) ] [ dscp integer ]; 778 transfers integer; 779 }; 780 servfail-ttl duration; 781 sig-signing-nodes integer; 782 sig-signing-signatures integer; 783 sig-signing-type integer; 784 sig-validity-interval integer [ integer ]; 785 sortlist { address_match_element; ... }; 786 stale-answer-enable boolean; 787 stale-answer-ttl duration; 788 synth-from-dnssec boolean; 789 transfer-format ( many-answers | one-answer ); 790 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 791 dscp integer ]; 792 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 793 ] [ dscp integer ]; 794 trust-anchor-telemetry boolean; // experimental 795 trust-anchors { string ( static-key | 796 initial-key | static-ds | initial-ds 797 ) integer integer integer 798 quoted_string; ... }; 799 trusted-keys { string 800 integer integer 801 integer 802 quoted_string; ... };, deprecated 803 try-tcp-refresh boolean; 804 update-check-ksk boolean; 805 use-alt-transfer-source boolean; 806 v6-bias integer; 807 validate-except { string; ... }; 808 zero-no-soa-ttl boolean; 809 zero-no-soa-ttl-cache boolean; 810 zone string [ class ] { 811 allow-notify { address_match_element; ... }; 812 allow-query { address_match_element; ... }; 813 allow-query-on { address_match_element; ... }; 814 allow-transfer { address_match_element; ... }; 815 allow-update { address_match_element; ... }; 816 allow-update-forwarding { address_match_element; ... }; 817 also-notify [ port integer ] [ dscp integer ] { ( 818 masters | ipv4_address [ port integer ] | 819 ipv6_address [ port integer ] ) [ key string ]; 820 ... }; 821 alt-transfer-source ( ipv4_address | * ) [ port ( 822 integer | * ) ] [ dscp integer ]; 823 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( 824 integer | * ) ] [ dscp integer ]; 825 auto-dnssec ( allow | maintain | off ); 826 check-dup-records ( fail | warn | ignore ); 827 check-integrity boolean; 828 check-mx ( fail | warn | ignore ); 829 check-mx-cname ( fail | warn | ignore ); 830 check-names ( fail | warn | ignore ); 831 check-sibling boolean; 832 check-spf ( warn | ignore ); 833 check-srv-cname ( fail | warn | ignore ); 834 check-wildcard boolean; 835 database string; 836 delegation-only boolean; 837 dialup ( notify | notify-passive | passive | refresh | 838 boolean ); 839 dlz string; 840 dnskey-sig-validity integer; 841 dnssec-dnskey-kskonly boolean; 842 dnssec-loadkeys-interval integer; 843 dnssec-policy string; 844 dnssec-secure-to-insecure boolean; 845 dnssec-update-mode ( maintain | no-resign ); 846 file quoted_string; 847 forward ( first | only ); 848 forwarders [ port integer ] [ dscp integer ] { ( 849 ipv4_address | ipv6_address ) [ port integer ] [ 850 dscp integer ]; ... }; 851 in-view string; 852 inline-signing boolean; 853 ixfr-from-differences boolean; 854 journal quoted_string; 855 key-directory quoted_string; 856 masterfile-format ( map | raw | text ); 857 masterfile-style ( full | relative ); 858 masters [ port integer ] [ dscp integer ] { ( masters 859 | ipv4_address [ port integer ] | ipv6_address [ 860 port integer ] ) [ key string ]; ... }; 861 max-journal-size ( default | unlimited | sizeval ); 862 max-records integer; 863 max-refresh-time integer; 864 max-retry-time integer; 865 max-transfer-idle-in integer; 866 max-transfer-idle-out integer; 867 max-transfer-time-in integer; 868 max-transfer-time-out integer; 869 max-zone-ttl ( unlimited | duration ); 870 min-refresh-time integer; 871 min-retry-time integer; 872 multi-master boolean; 873 notify ( explicit | master-only | boolean ); 874 notify-delay integer; 875 notify-source ( ipv4_address | * ) [ port ( integer | * 876 ) ] [ dscp integer ]; 877 notify-source-v6 ( ipv6_address | * ) [ port ( integer 878 | * ) ] [ dscp integer ]; 879 notify-to-soa boolean; 880 request-expire boolean; 881 request-ixfr boolean; 882 serial-update-method ( date | increment | unixtime ); 883 server-addresses { ( ipv4_address | ipv6_address ); ... }; 884 server-names { string; ... }; 885 sig-signing-nodes integer; 886 sig-signing-signatures integer; 887 sig-signing-type integer; 888 sig-validity-interval integer [ integer ]; 889 transfer-source ( ipv4_address | * ) [ port ( integer | 890 * ) ] [ dscp integer ]; 891 transfer-source-v6 ( ipv6_address | * ) [ port ( 892 integer | * ) ] [ dscp integer ]; 893 try-tcp-refresh boolean; 894 type ( primary | master | secondary | slave | mirror | 895 delegation-only | forward | hint | redirect | 896 static-stub | stub ); 897 update-check-ksk boolean; 898 update-policy ( local | { ( deny | grant ) string ( 899 6to4-self | external | krb5-self | krb5-selfsub | 900 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 901 name | self | selfsub | selfwild | subdomain | tcp-self 902 | wildcard | zonesub ) [ string ] rrtypelist; ... }; 903 use-alt-transfer-source boolean; 904 zero-no-soa-ttl boolean; 905 zone-statistics ( full | terse | none | boolean ); 906 }; 907 zone-statistics ( full | terse | none | boolean ); 908 }; 909 910ZONE 911^^^^ 912 913:: 914 915 zone string [ class ] { 916 allow-notify { address_match_element; ... }; 917 allow-query { address_match_element; ... }; 918 allow-query-on { address_match_element; ... }; 919 allow-transfer { address_match_element; ... }; 920 allow-update { address_match_element; ... }; 921 allow-update-forwarding { address_match_element; ... }; 922 also-notify [ port integer ] [ dscp integer ] { ( masters | 923 ipv4_address [ port integer ] | ipv6_address [ port 924 integer ] ) [ key string ]; ... }; 925 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 926 ] [ dscp integer ]; 927 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 928 * ) ] [ dscp integer ]; 929 auto-dnssec ( allow | maintain | off ); 930 check-dup-records ( fail | warn | ignore ); 931 check-integrity boolean; 932 check-mx ( fail | warn | ignore ); 933 check-mx-cname ( fail | warn | ignore ); 934 check-names ( fail | warn | ignore ); 935 check-sibling boolean; 936 check-spf ( warn | ignore ); 937 check-srv-cname ( fail | warn | ignore ); 938 check-wildcard boolean; 939 database string; 940 delegation-only boolean; 941 dialup ( notify | notify-passive | passive | refresh | boolean ); 942 dlz string; 943 dnskey-sig-validity integer; 944 dnssec-dnskey-kskonly boolean; 945 dnssec-loadkeys-interval integer; 946 dnssec-policy string; 947 dnssec-secure-to-insecure boolean; 948 dnssec-update-mode ( maintain | no-resign ); 949 file quoted_string; 950 forward ( first | only ); 951 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 952 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 953 in-view string; 954 inline-signing boolean; 955 ixfr-from-differences boolean; 956 journal quoted_string; 957 key-directory quoted_string; 958 masterfile-format ( map | raw | text ); 959 masterfile-style ( full | relative ); 960 masters [ port integer ] [ dscp integer ] { ( masters | 961 ipv4_address [ port integer ] | ipv6_address [ port 962 integer ] ) [ key string ]; ... }; 963 max-journal-size ( default | unlimited | sizeval ); 964 max-records integer; 965 max-refresh-time integer; 966 max-retry-time integer; 967 max-transfer-idle-in integer; 968 max-transfer-idle-out integer; 969 max-transfer-time-in integer; 970 max-transfer-time-out integer; 971 max-zone-ttl ( unlimited | duration ); 972 min-refresh-time integer; 973 min-retry-time integer; 974 multi-master boolean; 975 notify ( explicit | master-only | boolean ); 976 notify-delay integer; 977 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 978 dscp integer ]; 979 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 980 [ dscp integer ]; 981 notify-to-soa boolean; 982 request-expire boolean; 983 request-ixfr boolean; 984 serial-update-method ( date | increment | unixtime ); 985 server-addresses { ( ipv4_address | ipv6_address ); ... }; 986 server-names { string; ... }; 987 sig-signing-nodes integer; 988 sig-signing-signatures integer; 989 sig-signing-type integer; 990 sig-validity-interval integer [ integer ]; 991 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 992 dscp integer ]; 993 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 994 ] [ dscp integer ]; 995 try-tcp-refresh boolean; 996 type ( primary | master | secondary | slave | mirror | 997 delegation-only | forward | hint | redirect | static-stub | 998 stub ); 999 update-check-ksk boolean; 1000 update-policy ( local | { ( deny | grant ) string ( 6to4-self | 1001 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 1002 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 1003 | subdomain | tcp-self | wildcard | zonesub ) [ string ] 1004 rrtypelist; ... }; 1005 use-alt-transfer-source boolean; 1006 zero-no-soa-ttl boolean; 1007 zone-statistics ( full | terse | none | boolean ); 1008 }; 1009 1010Files 1011~~~~~ 1012 1013``/etc/named.conf`` 1014 1015See Also 1016~~~~~~~~ 1017 1018:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual. 1019 1020