1.. 2 Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 4 This Source Code Form is subject to the terms of the Mozilla Public 5 License, v. 2.0. If a copy of the MPL was not distributed with this 6 file, You can obtain one at http://mozilla.org/MPL/2.0/. 7 8 See the COPYRIGHT file distributed with this work for additional 9 information regarding copyright ownership. 10 11.. highlight: console 12 13named.conf - configuration file for **named** 14--------------------------------------------- 15 16Synopsis 17~~~~~~~~ 18 19:program:`named.conf` 20 21Description 22~~~~~~~~~~~ 23 24``named.conf`` is the configuration file for ``named``. Statements are 25enclosed in braces and terminated with a semi-colon. Clauses in the 26statements are also semi-colon terminated. The usual comment styles are 27supported: 28 29C style: /\* \*/ 30 31 C++ style: // to end of line 32 33Unix style: # to end of line 34 35ACL 36^^^ 37 38:: 39 40 acl string { address_match_element; ... }; 41 42CONTROLS 43^^^^^^^^ 44 45:: 46 47 controls { 48 inet ( ipv4_address | ipv6_address | 49 * ) [ port ( integer | * ) ] allow 50 { address_match_element; ... } [ 51 keys { string; ... } ] [ read-only 52 boolean ]; 53 unix quoted_string perm integer 54 owner integer group integer [ 55 keys { string; ... } ] [ read-only 56 boolean ]; 57 }; 58 59DLZ 60^^^ 61 62:: 63 64 dlz string { 65 database string; 66 search boolean; 67 }; 68 69DNSSEC-POLICY 70^^^^^^^^^^^^^ 71 72:: 73 74 dnssec-policy string { 75 dnskey-ttl duration; 76 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 77 duration_or_unlimited algorithm string [ integer ]; ... 
}; 78 max-zone-ttl duration; 79 parent-ds-ttl duration; 80 parent-propagation-delay duration; 81 parent-registration-delay duration; 82 publish-safety duration; 83 retire-safety duration; 84 signatures-refresh duration; 85 signatures-validity duration; 86 signatures-validity-dnskey duration; 87 zone-propagation-delay duration; 88 }; 89 90DYNDB 91^^^^^ 92 93:: 94 95 dyndb string quoted_string { 96 unspecified-text }; 97 98KEY 99^^^ 100 101:: 102 103 key string { 104 algorithm string; 105 secret string; 106 }; 107 108LOGGING 109^^^^^^^ 110 111:: 112 113 logging { 114 category string { string; ... }; 115 channel string { 116 buffered boolean; 117 file quoted_string [ versions ( unlimited | integer ) ] 118 [ size size ] [ suffix ( increment | timestamp ) ]; 119 null; 120 print-category boolean; 121 print-severity boolean; 122 print-time ( iso8601 | iso8601-utc | local | boolean ); 123 severity log_severity; 124 stderr; 125 syslog [ syslog_facility ]; 126 }; 127 }; 128 129MANAGED-KEYS 130^^^^^^^^^^^^ 131 132See TRUST-ANCHORS. 133 134:: 135 136 managed-keys { string ( static-key 137 | initial-key | static-ds | 138 initial-ds ) integer integer 139 integer quoted_string; ... };, deprecated 140 141MASTERS 142^^^^^^^ 143 144:: 145 146 masters string [ port integer ] [ dscp 147 integer ] { ( masters | ipv4_address [ 148 port integer ] | ipv6_address [ port 149 integer ] ) [ key string ]; ... }; 150 151OPTIONS 152^^^^^^^ 153 154:: 155 156 options { 157 allow-new-zones boolean; 158 allow-notify { address_match_element; ... }; 159 allow-query { address_match_element; ... }; 160 allow-query-cache { address_match_element; ... }; 161 allow-query-cache-on { address_match_element; ... }; 162 allow-query-on { address_match_element; ... }; 163 allow-recursion { address_match_element; ... }; 164 allow-recursion-on { address_match_element; ... }; 165 allow-transfer { address_match_element; ... }; 166 allow-update { address_match_element; ... 
}; 167 allow-update-forwarding { address_match_element; ... }; 168 also-notify [ port integer ] [ dscp integer ] { ( masters | 169 ipv4_address [ port integer ] | ipv6_address [ port 170 integer ] ) [ key string ]; ... }; 171 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 172 ] [ dscp integer ]; 173 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 174 * ) ] [ dscp integer ]; 175 answer-cookie boolean; 176 attach-cache string; 177 auth-nxdomain boolean; // default changed 178 auto-dnssec ( allow | maintain | off ); 179 automatic-interface-scan boolean; 180 avoid-v4-udp-ports { portrange; ... }; 181 avoid-v6-udp-ports { portrange; ... }; 182 bindkeys-file quoted_string; 183 blackhole { address_match_element; ... }; 184 cache-file quoted_string; 185 catalog-zones { zone string [ default-masters [ port integer ] 186 [ dscp integer ] { ( masters | ipv4_address [ port 187 integer ] | ipv6_address [ port integer ] ) [ key 188 string ]; ... } ] [ zone-directory quoted_string ] [ 189 in-memory boolean ] [ min-update-interval duration ]; ... }; 190 check-dup-records ( fail | warn | ignore ); 191 check-integrity boolean; 192 check-mx ( fail | warn | ignore ); 193 check-mx-cname ( fail | warn | ignore ); 194 check-names ( primary | master | 195 secondary | slave | response ) ( 196 fail | warn | ignore ); 197 check-sibling boolean; 198 check-spf ( warn | ignore ); 199 check-srv-cname ( fail | warn | ignore ); 200 check-wildcard boolean; 201 clients-per-query integer; 202 cookie-algorithm ( aes | siphash24 ); 203 cookie-secret string; 204 coresize ( default | unlimited | sizeval ); 205 datasize ( default | unlimited | sizeval ); 206 deny-answer-addresses { address_match_element; ... } [ 207 except-from { string; ... } ]; 208 deny-answer-aliases { string; ... } [ except-from { string; ... 209 } ]; 210 dialup ( notify | notify-passive | passive | refresh | boolean ); 211 directory quoted_string; 212 disable-algorithms string { string; 213 ... 
}; 214 disable-ds-digests string { string; 215 ... }; 216 disable-empty-zone string; 217 dns64 netprefix { 218 break-dnssec boolean; 219 clients { address_match_element; ... }; 220 exclude { address_match_element; ... }; 221 mapped { address_match_element; ... }; 222 recursive-only boolean; 223 suffix ipv6_address; 224 }; 225 dns64-contact string; 226 dns64-server string; 227 dnskey-sig-validity integer; 228 dnsrps-enable boolean; 229 dnsrps-options { unspecified-text }; 230 dnssec-accept-expired boolean; 231 dnssec-dnskey-kskonly boolean; 232 dnssec-loadkeys-interval integer; 233 dnssec-must-be-secure string boolean; 234 dnssec-policy string; 235 dnssec-secure-to-insecure boolean; 236 dnssec-update-mode ( maintain | no-resign ); 237 dnssec-validation ( yes | no | auto ); 238 dnstap { ( all | auth | client | forwarder | 239 resolver | update ) [ ( query | response ) ]; 240 ... }; 241 dnstap-identity ( quoted_string | none | 242 hostname ); 243 dnstap-output ( file | unix ) quoted_string [ 244 size ( unlimited | size ) ] [ versions ( 245 unlimited | integer ) ] [ suffix ( increment 246 | timestamp ) ]; 247 dnstap-version ( quoted_string | none ); 248 dscp integer; 249 dual-stack-servers [ port integer ] { ( quoted_string [ port 250 integer ] [ dscp integer ] | ipv4_address [ port 251 integer ] [ dscp integer ] | ipv6_address [ port 252 integer ] [ dscp integer ] ); ... }; 253 dump-file quoted_string; 254 edns-udp-size integer; 255 empty-contact string; 256 empty-server string; 257 empty-zones-enable boolean; 258 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 259 fetches-per-server integer [ ( drop | fail ) ]; 260 fetches-per-zone integer [ ( drop | fail ) ]; 261 files ( default | unlimited | sizeval ); 262 flush-zones-on-shutdown boolean; 263 forward ( first | only ); 264 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 265 | ipv6_address ) [ port integer ] [ dscp integer ]; ... 
}; 266 fstrm-set-buffer-hint integer; 267 fstrm-set-flush-timeout integer; 268 fstrm-set-input-queue-size integer; 269 fstrm-set-output-notify-threshold integer; 270 fstrm-set-output-queue-model ( mpsc | spsc ); 271 fstrm-set-output-queue-size integer; 272 fstrm-set-reopen-interval duration; 273 geoip-directory ( quoted_string | none ); 274 glue-cache boolean; 275 heartbeat-interval integer; 276 hostname ( quoted_string | none ); 277 inline-signing boolean; 278 interface-interval duration; 279 ixfr-from-differences ( primary | master | secondary | slave | 280 boolean ); 281 keep-response-order { address_match_element; ... }; 282 key-directory quoted_string; 283 lame-ttl duration; 284 listen-on [ port integer ] [ dscp 285 integer ] { 286 address_match_element; ... }; 287 listen-on-v6 [ port integer ] [ dscp 288 integer ] { 289 address_match_element; ... }; 290 lmdb-mapsize sizeval; 291 lock-file ( quoted_string | none ); 292 managed-keys-directory quoted_string; 293 masterfile-format ( map | raw | text ); 294 masterfile-style ( full | relative ); 295 match-mapped-addresses boolean; 296 max-cache-size ( default | unlimited | sizeval | percentage ); 297 max-cache-ttl duration; 298 max-clients-per-query integer; 299 max-ixfr-ratio ( unlimited | percentage ); 300 max-journal-size ( default | unlimited | sizeval ); 301 max-ncache-ttl duration; 302 max-records integer; 303 max-recursion-depth integer; 304 max-recursion-queries integer; 305 max-refresh-time integer; 306 max-retry-time integer; 307 max-rsa-exponent-size integer; 308 max-stale-ttl duration; 309 max-transfer-idle-in integer; 310 max-transfer-idle-out integer; 311 max-transfer-time-in integer; 312 max-transfer-time-out integer; 313 max-udp-size integer; 314 max-zone-ttl ( unlimited | duration ); 315 memstatistics boolean; 316 memstatistics-file quoted_string; 317 message-compression boolean; 318 min-cache-ttl duration; 319 min-ncache-ttl duration; 320 min-refresh-time integer; 321 min-retry-time integer; 322 
minimal-any boolean; 323 minimal-responses ( no-auth | no-auth-recursive | boolean ); 324 multi-master boolean; 325 new-zones-directory quoted_string; 326 no-case-compress { address_match_element; ... }; 327 nocookie-udp-size integer; 328 notify ( explicit | master-only | boolean ); 329 notify-delay integer; 330 notify-rate integer; 331 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 332 dscp integer ]; 333 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 334 [ dscp integer ]; 335 notify-to-soa boolean; 336 nta-lifetime duration; 337 nta-recheck duration; 338 nxdomain-redirect string; 339 pid-file ( quoted_string | none ); 340 port integer; 341 preferred-glue string; 342 prefetch integer [ integer ]; 343 provide-ixfr boolean; 344 qname-minimization ( strict | relaxed | disabled | off ); 345 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 346 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 347 port ( integer | * ) ) ) [ dscp integer ]; 348 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 349 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 350 port ( integer | * ) ) ) [ dscp integer ]; 351 querylog boolean; 352 random-device ( quoted_string | none ); 353 rate-limit { 354 all-per-second integer; 355 errors-per-second integer; 356 exempt-clients { address_match_element; ... 
}; 357 ipv4-prefix-length integer; 358 ipv6-prefix-length integer; 359 log-only boolean; 360 max-table-size integer; 361 min-table-size integer; 362 nodata-per-second integer; 363 nxdomains-per-second integer; 364 qps-scale integer; 365 referrals-per-second integer; 366 responses-per-second integer; 367 slip integer; 368 window integer; 369 }; 370 recursing-file quoted_string; 371 recursion boolean; 372 recursive-clients integer; 373 request-expire boolean; 374 request-ixfr boolean; 375 request-nsid boolean; 376 require-server-cookie boolean; 377 reserved-sockets integer; 378 resolver-nonbackoff-tries integer; 379 resolver-query-timeout integer; 380 resolver-retry-interval integer; 381 response-padding { address_match_element; ... } block-size 382 integer; 383 response-policy { zone string [ add-soa boolean ] [ log 384 boolean ] [ max-policy-ttl duration ] [ min-update-interval 385 duration ] [ policy ( cname | disabled | drop | given | no-op 386 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 387 recursive-only boolean ] [ nsip-enable boolean ] [ 388 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 389 break-dnssec boolean ] [ max-policy-ttl duration ] [ 390 min-update-interval duration ] [ min-ns-dots integer ] [ 391 nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean 392 ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] 393 [ nsip-enable boolean ] [ nsdname-enable boolean ] [ 394 dnsrps-enable boolean ] [ dnsrps-options { unspecified-text 395 } ]; 396 root-delegation-only [ exclude { string; ... } ]; 397 root-key-sentinel boolean; 398 rrset-order { [ class string ] [ type string ] [ name 399 quoted_string ] string string; ... 
}; 400 secroots-file quoted_string; 401 send-cookie boolean; 402 serial-query-rate integer; 403 serial-update-method ( date | increment | unixtime ); 404 server-id ( quoted_string | none | hostname ); 405 servfail-ttl duration; 406 session-keyalg string; 407 session-keyfile ( quoted_string | none ); 408 session-keyname string; 409 sig-signing-nodes integer; 410 sig-signing-signatures integer; 411 sig-signing-type integer; 412 sig-validity-interval integer [ integer ]; 413 sortlist { address_match_element; ... }; 414 stacksize ( default | unlimited | sizeval ); 415 stale-answer-enable boolean; 416 stale-answer-ttl duration; 417 startup-notify-rate integer; 418 statistics-file quoted_string; 419 synth-from-dnssec boolean; 420 tcp-advertised-timeout integer; 421 tcp-clients integer; 422 tcp-idle-timeout integer; 423 tcp-initial-timeout integer; 424 tcp-keepalive-timeout integer; 425 tcp-listen-queue integer; 426 tkey-dhkey quoted_string integer; 427 tkey-domain quoted_string; 428 tkey-gssapi-credential quoted_string; 429 tkey-gssapi-keytab quoted_string; 430 transfer-format ( many-answers | one-answer ); 431 transfer-message-size integer; 432 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 433 dscp integer ]; 434 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 435 ] [ dscp integer ]; 436 transfers-in integer; 437 transfers-out integer; 438 transfers-per-ns integer; 439 trust-anchor-telemetry boolean; // experimental 440 try-tcp-refresh boolean; 441 update-check-ksk boolean; 442 use-alt-transfer-source boolean; 443 use-v4-udp-ports { portrange; ... }; 444 use-v6-udp-ports { portrange; ... }; 445 v6-bias integer; 446 validate-except { string; ... 
}; 447 version ( quoted_string | none ); 448 zero-no-soa-ttl boolean; 449 zero-no-soa-ttl-cache boolean; 450 zone-statistics ( full | terse | none | boolean ); 451 }; 452 453PLUGIN 454^^^^^^ 455 456:: 457 458 plugin ( query ) string [ { unspecified-text 459 } ]; 460 461SERVER 462^^^^^^ 463 464:: 465 466 server netprefix { 467 bogus boolean; 468 edns boolean; 469 edns-udp-size integer; 470 edns-version integer; 471 keys server_key; 472 max-udp-size integer; 473 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 474 dscp integer ]; 475 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 476 [ dscp integer ]; 477 padding integer; 478 provide-ixfr boolean; 479 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 480 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 481 port ( integer | * ) ) ) [ dscp integer ]; 482 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 483 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 484 port ( integer | * ) ) ) [ dscp integer ]; 485 request-expire boolean; 486 request-ixfr boolean; 487 request-nsid boolean; 488 send-cookie boolean; 489 tcp-keepalive boolean; 490 tcp-only boolean; 491 transfer-format ( many-answers | one-answer ); 492 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 493 dscp integer ]; 494 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 495 ] [ dscp integer ]; 496 transfers integer; 497 }; 498 499STATISTICS-CHANNELS 500^^^^^^^^^^^^^^^^^^^ 501 502:: 503 504 statistics-channels { 505 inet ( ipv4_address | ipv6_address | 506 * ) [ port ( integer | * ) ] [ 507 allow { address_match_element; ... 508 } ]; 509 }; 510 511TRUST-ANCHORS 512^^^^^^^^^^^^^ 513 514:: 515 516 trust-anchors { string ( static-key | 517 initial-key | static-ds | initial-ds ) 518 integer integer integer 519 quoted_string; ... }; 520 521TRUSTED-KEYS 522^^^^^^^^^^^^ 523 524Deprecated - see TRUST-ANCHORS. 
525 526:: 527 528 trusted-keys { string integer 529 integer integer 530 quoted_string; ... };, deprecated 531 532VIEW 533^^^^ 534 535:: 536 537 view string [ class ] { 538 allow-new-zones boolean; 539 allow-notify { address_match_element; ... }; 540 allow-query { address_match_element; ... }; 541 allow-query-cache { address_match_element; ... }; 542 allow-query-cache-on { address_match_element; ... }; 543 allow-query-on { address_match_element; ... }; 544 allow-recursion { address_match_element; ... }; 545 allow-recursion-on { address_match_element; ... }; 546 allow-transfer { address_match_element; ... }; 547 allow-update { address_match_element; ... }; 548 allow-update-forwarding { address_match_element; ... }; 549 also-notify [ port integer ] [ dscp integer ] { ( masters | 550 ipv4_address [ port integer ] | ipv6_address [ port 551 integer ] ) [ key string ]; ... }; 552 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 553 ] [ dscp integer ]; 554 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 555 * ) ] [ dscp integer ]; 556 attach-cache string; 557 auth-nxdomain boolean; // default changed 558 auto-dnssec ( allow | maintain | off ); 559 cache-file quoted_string; 560 catalog-zones { zone string [ default-masters [ port integer ] 561 [ dscp integer ] { ( masters | ipv4_address [ port 562 integer ] | ipv6_address [ port integer ] ) [ key 563 string ]; ... } ] [ zone-directory quoted_string ] [ 564 in-memory boolean ] [ min-update-interval duration ]; ... }; 565 check-dup-records ( fail | warn | ignore ); 566 check-integrity boolean; 567 check-mx ( fail | warn | ignore ); 568 check-mx-cname ( fail | warn | ignore ); 569 check-names ( primary | master | 570 secondary | slave | response ) ( 571 fail | warn | ignore ); 572 check-sibling boolean; 573 check-spf ( warn | ignore ); 574 check-srv-cname ( fail | warn | ignore ); 575 check-wildcard boolean; 576 clients-per-query integer; 577 deny-answer-addresses { address_match_element; ... 
} [ 578 except-from { string; ... } ]; 579 deny-answer-aliases { string; ... } [ except-from { string; ... 580 } ]; 581 dialup ( notify | notify-passive | passive | refresh | boolean ); 582 disable-algorithms string { string; 583 ... }; 584 disable-ds-digests string { string; 585 ... }; 586 disable-empty-zone string; 587 dlz string { 588 database string; 589 search boolean; 590 }; 591 dns64 netprefix { 592 break-dnssec boolean; 593 clients { address_match_element; ... }; 594 exclude { address_match_element; ... }; 595 mapped { address_match_element; ... }; 596 recursive-only boolean; 597 suffix ipv6_address; 598 }; 599 dns64-contact string; 600 dns64-server string; 601 dnskey-sig-validity integer; 602 dnsrps-enable boolean; 603 dnsrps-options { unspecified-text }; 604 dnssec-accept-expired boolean; 605 dnssec-dnskey-kskonly boolean; 606 dnssec-loadkeys-interval integer; 607 dnssec-must-be-secure string boolean; 608 dnssec-policy string; 609 dnssec-secure-to-insecure boolean; 610 dnssec-update-mode ( maintain | no-resign ); 611 dnssec-validation ( yes | no | auto ); 612 dnstap { ( all | auth | client | forwarder | 613 resolver | update ) [ ( query | response ) ]; 614 ... }; 615 dual-stack-servers [ port integer ] { ( quoted_string [ port 616 integer ] [ dscp integer ] | ipv4_address [ port 617 integer ] [ dscp integer ] | ipv6_address [ port 618 integer ] [ dscp integer ] ); ... }; 619 dyndb string quoted_string { 620 unspecified-text }; 621 edns-udp-size integer; 622 empty-contact string; 623 empty-server string; 624 empty-zones-enable boolean; 625 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 626 fetches-per-server integer [ ( drop | fail ) ]; 627 fetches-per-zone integer [ ( drop | fail ) ]; 628 forward ( first | only ); 629 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 630 | ipv6_address ) [ port integer ] [ dscp integer ]; ... 
}; 631 glue-cache boolean; 632 inline-signing boolean; 633 ixfr-from-differences ( primary | master | secondary | slave | 634 boolean ); 635 key string { 636 algorithm string; 637 secret string; 638 }; 639 key-directory quoted_string; 640 lame-ttl duration; 641 lmdb-mapsize sizeval; 642 managed-keys { string ( 643 static-key | initial-key 644 | static-ds | initial-ds 645 ) integer integer 646 integer 647 quoted_string; ... };, deprecated 648 masterfile-format ( map | raw | text ); 649 masterfile-style ( full | relative ); 650 match-clients { address_match_element; ... }; 651 match-destinations { address_match_element; ... }; 652 match-recursive-only boolean; 653 max-cache-size ( default | unlimited | sizeval | percentage ); 654 max-cache-ttl duration; 655 max-clients-per-query integer; 656 max-ixfr-ratio ( unlimited | percentage ); 657 max-journal-size ( default | unlimited | sizeval ); 658 max-ncache-ttl duration; 659 max-records integer; 660 max-recursion-depth integer; 661 max-recursion-queries integer; 662 max-refresh-time integer; 663 max-retry-time integer; 664 max-stale-ttl duration; 665 max-transfer-idle-in integer; 666 max-transfer-idle-out integer; 667 max-transfer-time-in integer; 668 max-transfer-time-out integer; 669 max-udp-size integer; 670 max-zone-ttl ( unlimited | duration ); 671 message-compression boolean; 672 min-cache-ttl duration; 673 min-ncache-ttl duration; 674 min-refresh-time integer; 675 min-retry-time integer; 676 minimal-any boolean; 677 minimal-responses ( no-auth | no-auth-recursive | boolean ); 678 multi-master boolean; 679 new-zones-directory quoted_string; 680 no-case-compress { address_match_element; ... 
}; 681 nocookie-udp-size integer; 682 notify ( explicit | master-only | boolean ); 683 notify-delay integer; 684 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 685 dscp integer ]; 686 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 687 [ dscp integer ]; 688 notify-to-soa boolean; 689 nta-lifetime duration; 690 nta-recheck duration; 691 nxdomain-redirect string; 692 plugin ( query ) string [ { 693 unspecified-text } ]; 694 preferred-glue string; 695 prefetch integer [ integer ]; 696 provide-ixfr boolean; 697 qname-minimization ( strict | relaxed | disabled | off ); 698 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 699 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 700 port ( integer | * ) ) ) [ dscp integer ]; 701 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 702 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 703 port ( integer | * ) ) ) [ dscp integer ]; 704 rate-limit { 705 all-per-second integer; 706 errors-per-second integer; 707 exempt-clients { address_match_element; ... }; 708 ipv4-prefix-length integer; 709 ipv6-prefix-length integer; 710 log-only boolean; 711 max-table-size integer; 712 min-table-size integer; 713 nodata-per-second integer; 714 nxdomains-per-second integer; 715 qps-scale integer; 716 referrals-per-second integer; 717 responses-per-second integer; 718 slip integer; 719 window integer; 720 }; 721 recursion boolean; 722 request-expire boolean; 723 request-ixfr boolean; 724 request-nsid boolean; 725 require-server-cookie boolean; 726 resolver-nonbackoff-tries integer; 727 resolver-query-timeout integer; 728 resolver-retry-interval integer; 729 response-padding { address_match_element; ... 
} block-size 730 integer; 731 response-policy { zone string [ add-soa boolean ] [ log 732 boolean ] [ max-policy-ttl duration ] [ min-update-interval 733 duration ] [ policy ( cname | disabled | drop | given | no-op 734 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 735 recursive-only boolean ] [ nsip-enable boolean ] [ 736 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 737 break-dnssec boolean ] [ max-policy-ttl duration ] [ 738 min-update-interval duration ] [ min-ns-dots integer ] [ 739 nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean 740 ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] 741 [ nsip-enable boolean ] [ nsdname-enable boolean ] [ 742 dnsrps-enable boolean ] [ dnsrps-options { unspecified-text 743 } ]; 744 root-delegation-only [ exclude { string; ... } ]; 745 root-key-sentinel boolean; 746 rrset-order { [ class string ] [ type string ] [ name 747 quoted_string ] string string; ... }; 748 send-cookie boolean; 749 serial-update-method ( date | increment | unixtime ); 750 server netprefix { 751 bogus boolean; 752 edns boolean; 753 edns-udp-size integer; 754 edns-version integer; 755 keys server_key; 756 max-udp-size integer; 757 notify-source ( ipv4_address | * ) [ port ( integer | * 758 ) ] [ dscp integer ]; 759 notify-source-v6 ( ipv6_address | * ) [ port ( integer 760 | * ) ] [ dscp integer ]; 761 padding integer; 762 provide-ixfr boolean; 763 query-source ( ( [ address ] ( ipv4_address | * ) [ port 764 ( integer | * ) ] ) | ( [ [ address ] ( 765 ipv4_address | * ) ] port ( integer | * ) ) ) [ 766 dscp integer ]; 767 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ 768 port ( integer | * ) ] ) | ( [ [ address ] ( 769 ipv6_address | * ) ] port ( integer | * ) ) ) [ 770 dscp integer ]; 771 request-expire boolean; 772 request-ixfr boolean; 773 request-nsid boolean; 774 send-cookie boolean; 775 tcp-keepalive boolean; 776 tcp-only boolean; 777 transfer-format ( many-answers | one-answer ); 778 
transfer-source ( ipv4_address | * ) [ port ( integer | 779 * ) ] [ dscp integer ]; 780 transfer-source-v6 ( ipv6_address | * ) [ port ( 781 integer | * ) ] [ dscp integer ]; 782 transfers integer; 783 }; 784 servfail-ttl duration; 785 sig-signing-nodes integer; 786 sig-signing-signatures integer; 787 sig-signing-type integer; 788 sig-validity-interval integer [ integer ]; 789 sortlist { address_match_element; ... }; 790 stale-answer-enable boolean; 791 stale-answer-ttl duration; 792 synth-from-dnssec boolean; 793 transfer-format ( many-answers | one-answer ); 794 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 795 dscp integer ]; 796 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 797 ] [ dscp integer ]; 798 trust-anchor-telemetry boolean; // experimental 799 trust-anchors { string ( static-key | 800 initial-key | static-ds | initial-ds 801 ) integer integer integer 802 quoted_string; ... }; 803 trusted-keys { string 804 integer integer 805 integer 806 quoted_string; ... };, deprecated 807 try-tcp-refresh boolean; 808 update-check-ksk boolean; 809 use-alt-transfer-source boolean; 810 v6-bias integer; 811 validate-except { string; ... }; 812 zero-no-soa-ttl boolean; 813 zero-no-soa-ttl-cache boolean; 814 zone string [ class ] { 815 allow-notify { address_match_element; ... }; 816 allow-query { address_match_element; ... }; 817 allow-query-on { address_match_element; ... }; 818 allow-transfer { address_match_element; ... }; 819 allow-update { address_match_element; ... }; 820 allow-update-forwarding { address_match_element; ... }; 821 also-notify [ port integer ] [ dscp integer ] { ( 822 masters | ipv4_address [ port integer ] | 823 ipv6_address [ port integer ] ) [ key string ]; 824 ... 
}; 825 alt-transfer-source ( ipv4_address | * ) [ port ( 826 integer | * ) ] [ dscp integer ]; 827 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( 828 integer | * ) ] [ dscp integer ]; 829 auto-dnssec ( allow | maintain | off ); 830 check-dup-records ( fail | warn | ignore ); 831 check-integrity boolean; 832 check-mx ( fail | warn | ignore ); 833 check-mx-cname ( fail | warn | ignore ); 834 check-names ( fail | warn | ignore ); 835 check-sibling boolean; 836 check-spf ( warn | ignore ); 837 check-srv-cname ( fail | warn | ignore ); 838 check-wildcard boolean; 839 database string; 840 delegation-only boolean; 841 dialup ( notify | notify-passive | passive | refresh | 842 boolean ); 843 dlz string; 844 dnskey-sig-validity integer; 845 dnssec-dnskey-kskonly boolean; 846 dnssec-loadkeys-interval integer; 847 dnssec-policy string; 848 dnssec-secure-to-insecure boolean; 849 dnssec-update-mode ( maintain | no-resign ); 850 file quoted_string; 851 forward ( first | only ); 852 forwarders [ port integer ] [ dscp integer ] { ( 853 ipv4_address | ipv6_address ) [ port integer ] [ 854 dscp integer ]; ... }; 855 in-view string; 856 inline-signing boolean; 857 ixfr-from-differences boolean; 858 journal quoted_string; 859 key-directory quoted_string; 860 masterfile-format ( map | raw | text ); 861 masterfile-style ( full | relative ); 862 masters [ port integer ] [ dscp integer ] { ( masters 863 | ipv4_address [ port integer ] | ipv6_address [ 864 port integer ] ) [ key string ]; ... 
}; 865 max-ixfr-ratio ( unlimited | percentage ); 866 max-journal-size ( default | unlimited | sizeval ); 867 max-records integer; 868 max-refresh-time integer; 869 max-retry-time integer; 870 max-transfer-idle-in integer; 871 max-transfer-idle-out integer; 872 max-transfer-time-in integer; 873 max-transfer-time-out integer; 874 max-zone-ttl ( unlimited | duration ); 875 min-refresh-time integer; 876 min-retry-time integer; 877 multi-master boolean; 878 notify ( explicit | master-only | boolean ); 879 notify-delay integer; 880 notify-source ( ipv4_address | * ) [ port ( integer | * 881 ) ] [ dscp integer ]; 882 notify-source-v6 ( ipv6_address | * ) [ port ( integer 883 | * ) ] [ dscp integer ]; 884 notify-to-soa boolean; 885 request-expire boolean; 886 request-ixfr boolean; 887 serial-update-method ( date | increment | unixtime ); 888 server-addresses { ( ipv4_address | ipv6_address ); ... }; 889 server-names { string; ... }; 890 sig-signing-nodes integer; 891 sig-signing-signatures integer; 892 sig-signing-type integer; 893 sig-validity-interval integer [ integer ]; 894 transfer-source ( ipv4_address | * ) [ port ( integer | 895 * ) ] [ dscp integer ]; 896 transfer-source-v6 ( ipv6_address | * ) [ port ( 897 integer | * ) ] [ dscp integer ]; 898 try-tcp-refresh boolean; 899 type ( primary | master | secondary | slave | mirror | 900 delegation-only | forward | hint | redirect | 901 static-stub | stub ); 902 update-check-ksk boolean; 903 update-policy ( local | { ( deny | grant ) string ( 904 6to4-self | external | krb5-self | krb5-selfsub | 905 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 906 name | self | selfsub | selfwild | subdomain | tcp-self 907 | wildcard | zonesub ) [ string ] rrtypelist; ... 
}; 908 use-alt-transfer-source boolean; 909 zero-no-soa-ttl boolean; 910 zone-statistics ( full | terse | none | boolean ); 911 }; 912 zone-statistics ( full | terse | none | boolean ); 913 }; 914 915ZONE 916^^^^ 917 918:: 919 920 zone string [ class ] { 921 allow-notify { address_match_element; ... }; 922 allow-query { address_match_element; ... }; 923 allow-query-on { address_match_element; ... }; 924 allow-transfer { address_match_element; ... }; 925 allow-update { address_match_element; ... }; 926 allow-update-forwarding { address_match_element; ... }; 927 also-notify [ port integer ] [ dscp integer ] { ( masters | 928 ipv4_address [ port integer ] | ipv6_address [ port 929 integer ] ) [ key string ]; ... }; 930 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 931 ] [ dscp integer ]; 932 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 933 * ) ] [ dscp integer ]; 934 auto-dnssec ( allow | maintain | off ); 935 check-dup-records ( fail | warn | ignore ); 936 check-integrity boolean; 937 check-mx ( fail | warn | ignore ); 938 check-mx-cname ( fail | warn | ignore ); 939 check-names ( fail | warn | ignore ); 940 check-sibling boolean; 941 check-spf ( warn | ignore ); 942 check-srv-cname ( fail | warn | ignore ); 943 check-wildcard boolean; 944 database string; 945 delegation-only boolean; 946 dialup ( notify | notify-passive | passive | refresh | boolean ); 947 dlz string; 948 dnskey-sig-validity integer; 949 dnssec-dnskey-kskonly boolean; 950 dnssec-loadkeys-interval integer; 951 dnssec-policy string; 952 dnssec-secure-to-insecure boolean; 953 dnssec-update-mode ( maintain | no-resign ); 954 file quoted_string; 955 forward ( first | only ); 956 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 957 | ipv6_address ) [ port integer ] [ dscp integer ]; ... 
}; 958 in-view string; 959 inline-signing boolean; 960 ixfr-from-differences boolean; 961 journal quoted_string; 962 key-directory quoted_string; 963 masterfile-format ( map | raw | text ); 964 masterfile-style ( full | relative ); 965 masters [ port integer ] [ dscp integer ] { ( masters | 966 ipv4_address [ port integer ] | ipv6_address [ port 967 integer ] ) [ key string ]; ... }; 968 max-ixfr-ratio ( unlimited | percentage ); 969 max-journal-size ( default | unlimited | sizeval ); 970 max-records integer; 971 max-refresh-time integer; 972 max-retry-time integer; 973 max-transfer-idle-in integer; 974 max-transfer-idle-out integer; 975 max-transfer-time-in integer; 976 max-transfer-time-out integer; 977 max-zone-ttl ( unlimited | duration ); 978 min-refresh-time integer; 979 min-retry-time integer; 980 multi-master boolean; 981 notify ( explicit | master-only | boolean ); 982 notify-delay integer; 983 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 984 dscp integer ]; 985 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 986 [ dscp integer ]; 987 notify-to-soa boolean; 988 request-expire boolean; 989 request-ixfr boolean; 990 serial-update-method ( date | increment | unixtime ); 991 server-addresses { ( ipv4_address | ipv6_address ); ... }; 992 server-names { string; ... 
}; 993 sig-signing-nodes integer; 994 sig-signing-signatures integer; 995 sig-signing-type integer; 996 sig-validity-interval integer [ integer ]; 997 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 998 dscp integer ]; 999 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 1000 ] [ dscp integer ]; 1001 try-tcp-refresh boolean; 1002 type ( primary | master | secondary | slave | mirror | 1003 delegation-only | forward | hint | redirect | static-stub | 1004 stub ); 1005 update-check-ksk boolean; 1006 update-policy ( local | { ( deny | grant ) string ( 6to4-self | 1007 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 1008 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 1009 | subdomain | tcp-self | wildcard | zonesub ) [ string ] 1010 rrtypelist; ... }; 1011 use-alt-transfer-source boolean; 1012 zero-no-soa-ttl boolean; 1013 zone-statistics ( full | terse | none | boolean ); 1014 }; 1015 1016Files 1017~~~~~ 1018 1019``/etc/named.conf`` - this file can contain ``key`` secrets stored unencrypted (see KEY), so it should be readable only by the account that runs ``named``. 1020 1021See Also 1022~~~~~~~~ 1023 1024:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual. 1025 1026