1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") 6 - 7 - Permission to use, copy, modify, and/or distribute this software for any 8 - purpose with or without fee is hereby granted, provided that the above 9 - copyright notice and this permission notice appear in all copies. 10 - 11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 - PERFORMANCE OF THIS SOFTWARE. 18--> 19 20<!-- $Id: named.conf.docbook,v 1.55 2011/11/07 00:25:53 each Exp $ --> 21<refentry> 22 <refentryinfo> 23 <date>Aug 13, 2004</date> 24 </refentryinfo> 25 26 <refmeta> 27 <refentrytitle><filename>named.conf</filename></refentrytitle> 28 <manvolnum>5</manvolnum> 29 <refmiscinfo>BIND9</refmiscinfo> 30 </refmeta> 31 32 <refnamediv> 33 <refname><filename>named.conf</filename></refname> 34 <refpurpose>configuration file for named</refpurpose> 35 </refnamediv> 36 37 <docinfo> 38 <copyright> 39 <year>2004</year> 40 <year>2005</year> 41 <year>2006</year> 42 <year>2007</year> 43 <year>2008</year> 44 <year>2009</year> 45 <year>2010</year> 46 <year>2011</year> 47 <year>2013</year> 48 <year>2014</year> 49 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 50 </copyright> 51 </docinfo> 52 53 <refsynopsisdiv> 54 <cmdsynopsis> 55 <command>named.conf</command> 56 </cmdsynopsis> 57 </refsynopsisdiv> 58 59 <refsect1> 60 <title>DESCRIPTION</title> 61 <para><filename>named.conf</filename> is the configuration file 62 for 63 <command>named</command>. Statements are enclosed 64 in braces and terminated with a semi-colon. Clauses in 65 the statements are also semi-colon terminated. The usual 66 comment styles are supported: 67 </para> 68 <para> 69 C style: /* */ 70 </para> 71 <para> 72 C++ style: // to end of line 73 </para> 74 <para> 75 Unix style: # to end of line 76 </para> 77 </refsect1> 78 79 <refsect1> 80 <title>ACL</title> 81 <literallayout> 82acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... }; 83 84</literallayout> 85 </refsect1> 86 87 <refsect1> 88 <title>KEY</title> 89 <literallayout> 90key <replaceable>domain_name</replaceable> { 91 algorithm <replaceable>string</replaceable>; 92 secret <replaceable>string</replaceable>; 93}; 94</literallayout> 95 </refsect1> 96 97 <refsect1> 98 <title>MASTERS</title> 99 <literallayout> 100masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> { 101 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 102 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... 103}; 104</literallayout> 105 </refsect1> 106 107 <refsect1> 108 <title>SERVER</title> 109 <literallayout> 110server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { 111 bogus <replaceable>boolean</replaceable>; 112 edns <replaceable>boolean</replaceable>; 113 edns-udp-size <replaceable>integer</replaceable>; 114 max-udp-size <replaceable>integer</replaceable>; 115 provide-ixfr <replaceable>boolean</replaceable>; 116 request-ixfr <replaceable>boolean</replaceable>; 117 keys <replaceable>server_key</replaceable>; 118 transfers <replaceable>integer</replaceable>; 119 transfer-format ( many-answers | one-answer ); 120 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 121 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 122 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 123 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 124 125 support-ixfr <replaceable>boolean</replaceable>; // obsolete 126}; 127</literallayout> 128 </refsect1> 129 130 <refsect1> 131 <title>TRUSTED-KEYS</title> 132 <literallayout> 133trusted-keys { 134 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 135}; 136</literallayout> 137 </refsect1> 138 139 <refsect1> 140 <title>MANAGED-KEYS</title> 141 <literallayout> 142managed-keys { 143 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 144}; 145</literallayout> 146 </refsect1> 147 148 <refsect1> 149 <title>CONTROLS</title> 150 <literallayout> 151controls { 152 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * ) 153 <optional> port ( <replaceable>integer</replaceable> | * ) </optional> 154 allow { <replaceable>address_match_element</replaceable>; ... } 155 <optional> keys { <replaceable>string</replaceable>; ... } </optional>; 156 unix <replaceable>unsupported</replaceable>; // not implemented 157}; 158</literallayout> 159 </refsect1> 160 161 <refsect1> 162 <title>LOGGING</title> 163 <literallayout> 164logging { 165 channel <replaceable>string</replaceable> { 166 file <replaceable>log_file</replaceable>; 167 syslog <replaceable>optional_facility</replaceable>; 168 null; 169 stderr; 170 severity <replaceable>log_severity</replaceable>; 171 print-time <replaceable>boolean</replaceable>; 172 print-severity <replaceable>boolean</replaceable>; 173 print-category <replaceable>boolean</replaceable>; 174 }; 175 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 176}; 177</literallayout> 178 </refsect1> 179 180 <refsect1> 181 <title>LWRES</title> 182 <literallayout> 183lwres { 184 listen-on <optional> port <replaceable>integer</replaceable> </optional> { 185 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 186 }; 187 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>; 188 search { <replaceable>string</replaceable>; ... }; 189 ndots <replaceable>integer</replaceable>; 190}; 191</literallayout> 192 </refsect1> 193 194 <refsect1> 195 <title>OPTIONS</title> 196 <literallayout> 197options { 198 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... }; 199 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... }; 200 blackhole { <replaceable>address_match_element</replaceable>; ... }; 201 coresize <replaceable>size</replaceable>; 202 datasize <replaceable>size</replaceable>; 203 directory <replaceable>quoted_string</replaceable>; 204 dump-file <replaceable>quoted_string</replaceable>; 205 files <replaceable>size</replaceable>; 206 heartbeat-interval <replaceable>integer</replaceable>; 207 host-statistics <replaceable>boolean</replaceable>; // not implemented 208 host-statistics-max <replaceable>number</replaceable>; // not implemented 209 hostname ( <replaceable>quoted_string</replaceable> | none ); 210 interface-interval <replaceable>integer</replaceable>; 211 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; 212 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; 213 match-mapped-addresses <replaceable>boolean</replaceable>; 214 memstatistics-file <replaceable>quoted_string</replaceable>; 215 pid-file ( <replaceable>quoted_string</replaceable> | none ); 216 port <replaceable>integer</replaceable>; 217 querylog <replaceable>boolean</replaceable>; 218 recursing-file <replaceable>quoted_string</replaceable>; 219 reserved-sockets <replaceable>integer</replaceable>; 220 random-device <replaceable>quoted_string</replaceable>; 221 recursive-clients <replaceable>integer</replaceable>; 222 serial-query-rate <replaceable>integer</replaceable>; 223 server-id ( <replaceable>quoted_string</replaceable> | hostname | none ); 224 stacksize <replaceable>size</replaceable>; 225 statistics-file <replaceable>quoted_string</replaceable>; 226 statistics-interval <replaceable>integer</replaceable>; // not yet implemented 227 tcp-clients <replaceable>integer</replaceable>; 228 tcp-listen-queue <replaceable>integer</replaceable>; 229 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>; 230 tkey-gssapi-credential <replaceable>quoted_string</replaceable>; 231 tkey-gssapi-keytab <replaceable>quoted_string</replaceable>; 232 tkey-domain <replaceable>quoted_string</replaceable>; 233 transfers-per-ns <replaceable>integer</replaceable>; 234 transfers-in <replaceable>integer</replaceable>; 235 transfers-out <replaceable>integer</replaceable>; 236 use-ixfr <replaceable>boolean</replaceable>; 237 version ( <replaceable>quoted_string</replaceable> | none ); 238 allow-recursion { <replaceable>address_match_element</replaceable>; ... }; 239 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; 240 sortlist { <replaceable>address_match_element</replaceable>; ... }; 241 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented 242 auth-nxdomain <replaceable>boolean</replaceable>; // default changed 243 minimal-responses <replaceable>boolean</replaceable>; 244 recursion <replaceable>boolean</replaceable>; 245 rrset-order { 246 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> 247 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... 248 }; 249 provide-ixfr <replaceable>boolean</replaceable>; 250 request-ixfr <replaceable>boolean</replaceable>; 251 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented 252 additional-from-auth <replaceable>boolean</replaceable>; 253 additional-from-cache <replaceable>boolean</replaceable>; 254 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 255 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 256 use-queryport-pool <replaceable>boolean</replaceable>; 257 queryport-pool-ports <replaceable>integer</replaceable>; 258 queryport-pool-updateinterval <replaceable>integer</replaceable>; 259 cleaning-interval <replaceable>integer</replaceable>; 260 resolver-query-timeout <replaceable>integer</replaceable>; 261 min-roots <replaceable>integer</replaceable>; // not implemented 262 lame-ttl <replaceable>integer</replaceable>; 263 max-ncache-ttl <replaceable>integer</replaceable>; 264 max-cache-ttl <replaceable>integer</replaceable>; 265 transfer-format ( many-answers | one-answer ); 266 max-cache-size <replaceable>size</replaceable>; 267 max-acache-size <replaceable>size</replaceable>; 268 clients-per-query <replaceable>number</replaceable>; 269 max-clients-per-query <replaceable>number</replaceable>; 270 check-names ( master | slave | response ) 271 ( fail | warn | ignore ); 272 check-mx ( fail | warn | ignore ); 273 check-integrity <replaceable>boolean</replaceable>; 274 check-mx-cname ( fail | warn | ignore ); 275 check-srv-cname ( fail | warn | ignore ); 276 cache-file <replaceable>quoted_string</replaceable>; // test option 277 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented 278 preferred-glue <replaceable>string</replaceable>; 279 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { 280 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 281 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 282 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... 283 }; 284 edns-udp-size <replaceable>integer</replaceable>; 285 max-udp-size <replaceable>integer</replaceable>; 286 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; 287 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 288 dnssec-enable <replaceable>boolean</replaceable>; 289 dnssec-validation <replaceable>boolean</replaceable>; 290 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); 291 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; 292 dnssec-accept-expired <replaceable>boolean</replaceable>; 293 294 dns64-server <replaceable>string</replaceable>; 295 dns64-contact <replaceable>string</replaceable>; 296 dns64 <replaceable>prefix</replaceable> { 297 clients { <replacable>acl</replacable>; }; 298 exclude { <replacable>acl</replacable>; }; 299 mapped { <replacable>acl</replacable>; }; 300 break-dnssec <replaceable>boolean</replaceable>; 301 recursive-only <replaceable>boolean</replaceable>; 302 suffix <replaceable>ipv6_address</replaceable>; 303 }; 304 305 empty-server <replaceable>string</replaceable>; 306 empty-contact <replaceable>string</replaceable>; 307 empty-zones-enable <replaceable>boolean</replaceable>; 308 disable-empty-zone <replaceable>string</replaceable>; 309 310 dialup <replaceable>dialuptype</replaceable>; 311 ixfr-from-differences <replaceable>ixfrdiff</replaceable>; 312 313 allow-query { <replaceable>address_match_element</replaceable>; ... }; 314 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 315 allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; 316 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; 317 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 318 allow-update { <replaceable>address_match_element</replaceable>; ... }; 319 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 320 update-check-ksk <replaceable>boolean</replaceable>; 321 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 322 323 masterfile-format ( text | raw ); 324 notify <replaceable>notifytype</replaceable>; 325 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 326 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 327 notify-delay <replaceable>seconds</replaceable>; 328 notify-to-soa <replaceable>boolean</replaceable>; 329 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 330 <optional> port <replaceable>integer</replaceable> </optional>; ... 331 <optional> key <replaceable>keyname</replaceable> </optional> ... }; 332 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 333 334 forward ( first | only ); 335 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 336 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 337 }; 338 339 max-journal-size <replaceable>size_no_default</replaceable>; 340 max-transfer-time-in <replaceable>integer</replaceable>; 341 max-transfer-time-out <replaceable>integer</replaceable>; 342 max-transfer-idle-in <replaceable>integer</replaceable>; 343 max-transfer-idle-out <replaceable>integer</replaceable>; 344 max-retry-time <replaceable>integer</replaceable>; 345 min-retry-time <replaceable>integer</replaceable>; 346 max-refresh-time <replaceable>integer</replaceable>; 347 min-refresh-time <replaceable>integer</replaceable>; 348 multi-master <replaceable>boolean</replaceable>; 349 350 sig-validity-interval <replaceable>integer</replaceable>; 351 sig-re-signing-interval <replaceable>integer</replaceable>; 352 sig-signing-nodes <replaceable>integer</replaceable>; 353 sig-signing-signatures <replaceable>integer</replaceable>; 354 sig-signing-type <replaceable>integer</replaceable>; 355 356 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 357 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 358 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 359 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 360 361 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 362 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 363 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 364 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 365 use-alt-transfer-source <replaceable>boolean</replaceable>; 366 367 zone-statistics <replaceable>boolean</replaceable>; 368 key-directory <replaceable>quoted_string</replaceable>; 369 managed-keys-directory <replaceable>quoted_string</replaceable>; 370 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; 371 try-tcp-refresh <replaceable>boolean</replaceable>; 372 zero-no-soa-ttl <replaceable>boolean</replaceable>; 373 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; 374 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 375 deny-answer-addresses { 376 <replaceable>address_match_list</replaceable> 377 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; 378 deny-answer-aliases { 379 <replaceable>namelist</replaceable> 380 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; 381 382 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only 383 384 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete 385 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete 386 fake-iquery <replaceable>boolean</replaceable>; // obsolete 387 fetch-glue <replaceable>boolean</replaceable>; // obsolete 388 has-old-clients <replaceable>boolean</replaceable>; // obsolete 389 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 390 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 391 multiple-cnames <replaceable>boolean</replaceable>; // obsolete 392 named-xfer <replaceable>quoted_string</replaceable>; // obsolete 393 serial-queries <replaceable>integer</replaceable>; // obsolete 394 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete 395 use-id-pool <replaceable>boolean</replaceable>; // obsolete 396}; 397</literallayout> 398 </refsect1> 399 400 <refsect1> 401 <title>VIEW</title> 402 <literallayout> 403view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 404 match-clients { <replaceable>address_match_element</replaceable>; ... }; 405 match-destinations { <replaceable>address_match_element</replaceable>; ... }; 406 match-recursive-only <replaceable>boolean</replaceable>; 407 408 key <replaceable>string</replaceable> { 409 algorithm <replaceable>string</replaceable>; 410 secret <replaceable>string</replaceable>; 411 }; 412 413 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 414 ... 415 }; 416 417 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { 418 ... 419 }; 420 421 trusted-keys { 422 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; 423 <optional>...</optional> 424 }; 425 426 allow-recursion { <replaceable>address_match_element</replaceable>; ... }; 427 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; 428 sortlist { <replaceable>address_match_element</replaceable>; ... }; 429 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented 430 auth-nxdomain <replaceable>boolean</replaceable>; // default changed 431 minimal-responses <replaceable>boolean</replaceable>; 432 recursion <replaceable>boolean</replaceable>; 433 rrset-order { 434 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> 435 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... 436 }; 437 provide-ixfr <replaceable>boolean</replaceable>; 438 request-ixfr <replaceable>boolean</replaceable>; 439 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented 440 additional-from-auth <replaceable>boolean</replaceable>; 441 additional-from-cache <replaceable>boolean</replaceable>; 442 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 443 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 444 use-queryport-pool <replaceable>boolean</replaceable>; 445 queryport-pool-ports <replaceable>integer</replaceable>; 446 queryport-pool-updateinterval <replaceable>integer</replaceable>; 447 cleaning-interval <replaceable>integer</replaceable>; 448 resolver-query-timeout <replaceable>integer</replaceable>; 449 min-roots <replaceable>integer</replaceable>; // not implemented 450 lame-ttl <replaceable>integer</replaceable>; 451 max-ncache-ttl <replaceable>integer</replaceable>; 452 max-cache-ttl <replaceable>integer</replaceable>; 453 transfer-format ( many-answers | one-answer ); 454 max-cache-size <replaceable>size</replaceable>; 455 max-acache-size <replaceable>size</replaceable>; 456 clients-per-query <replaceable>number</replaceable>; 457 max-clients-per-query <replaceable>number</replaceable>; 458 check-names ( master | slave | response ) 459 ( fail | warn | ignore ); 460 check-mx ( fail | warn | ignore ); 461 check-integrity <replaceable>boolean</replaceable>; 462 check-mx-cname ( fail | warn | ignore ); 463 check-srv-cname ( fail | warn | ignore ); 464 cache-file <replaceable>quoted_string</replaceable>; // test option 465 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented 466 preferred-glue <replaceable>string</replaceable>; 467 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { 468 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 469 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 470 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... 471 }; 472 edns-udp-size <replaceable>integer</replaceable>; 473 max-udp-size <replaceable>integer</replaceable>; 474 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; 475 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 476 dnssec-enable <replaceable>boolean</replaceable>; 477 dnssec-validation <replaceable>boolean</replaceable>; 478 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); 479 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; 480 dnssec-accept-expired <replaceable>boolean</replaceable>; 481 482 dns64-server <replaceable>string</replaceable>; 483 dns64-contact <replaceable>string</replaceable>; 484 dns64 <replaceable>prefix</replaceable> { 485 clients { <replacable>acl</replacable>; }; 486 exclude { <replacable>acl</replacable>; }; 487 mapped { <replacable>acl</replacable>; }; 488 break-dnssec <replaceable>boolean</replaceable>; 489 recursive-only <replaceable>boolean</replaceable>; 490 suffix <replaceable>ipv6_address</replaceable>; 491 }; 492 493 empty-server <replaceable>string</replaceable>; 494 empty-contact <replaceable>string</replaceable>; 495 empty-zones-enable <replaceable>boolean</replaceable>; 496 disable-empty-zone <replaceable>string</replaceable>; 497 498 dialup <replaceable>dialuptype</replaceable>; 499 ixfr-from-differences <replaceable>ixfrdiff</replaceable>; 500 501 allow-query { <replaceable>address_match_element</replaceable>; ... }; 502 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 503 allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; 504 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; 505 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 506 allow-update { <replaceable>address_match_element</replaceable>; ... }; 507 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 508 update-check-ksk <replaceable>boolean</replaceable>; 509 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 510 511 masterfile-format ( text | raw ); 512 notify <replaceable>notifytype</replaceable>; 513 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 514 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 515 notify-delay <replaceable>seconds</replaceable>; 516 notify-to-soa <replaceable>boolean</replaceable>; 517 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 518 <optional> port <replaceable>integer</replaceable> </optional>; ... 519 <optional> key <replaceable>keyname</replaceable> </optional> ... }; 520 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 521 522 forward ( first | only ); 523 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 524 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 525 }; 526 527 max-journal-size <replaceable>size_no_default</replaceable>; 528 max-transfer-time-in <replaceable>integer</replaceable>; 529 max-transfer-time-out <replaceable>integer</replaceable>; 530 max-transfer-idle-in <replaceable>integer</replaceable>; 531 max-transfer-idle-out <replaceable>integer</replaceable>; 532 max-retry-time <replaceable>integer</replaceable>; 533 min-retry-time <replaceable>integer</replaceable>; 534 max-refresh-time <replaceable>integer</replaceable>; 535 min-refresh-time <replaceable>integer</replaceable>; 536 multi-master <replaceable>boolean</replaceable>; 537 sig-validity-interval <replaceable>integer</replaceable>; 538 539 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 540 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 541 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 542 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 543 544 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 545 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 546 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 547 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 548 use-alt-transfer-source <replaceable>boolean</replaceable>; 549 550 zone-statistics <replaceable>boolean</replaceable>; 551 try-tcp-refresh <replaceable>boolean</replaceable>; 552 key-directory <replaceable>quoted_string</replaceable>; 553 zero-no-soa-ttl <replaceable>boolean</replaceable>; 554 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; 555 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 556 557 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete 558 fetch-glue <replaceable>boolean</replaceable>; // obsolete 559 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 560 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 561}; 562</literallayout> 563 </refsect1> 564 565 <refsect1> 566 <title>ZONE</title> 567 <literallayout> 568zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 569 type ( master | slave | stub | hint | redirect | 570 forward | delegation-only ); 571 file <replaceable>quoted_string</replaceable>; 572 573 masters <optional> port <replaceable>integer</replaceable> </optional> { 574 ( <replaceable>masters</replaceable> | 575 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 576 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... 577 }; 578 579 database <replaceable>string</replaceable>; 580 delegation-only <replaceable>boolean</replaceable>; 581 check-names ( fail | warn | ignore ); 582 check-mx ( fail | warn | ignore ); 583 check-integrity <replaceable>boolean</replaceable>; 584 check-mx-cname ( fail | warn | ignore ); 585 check-srv-cname ( fail | warn | ignore ); 586 dialup <replaceable>dialuptype</replaceable>; 587 ixfr-from-differences <replaceable>boolean</replaceable>; 588 journal <replaceable>quoted_string</replaceable>; 589 zero-no-soa-ttl <replaceable>boolean</replaceable>; 590 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 591 592 allow-query { <replaceable>address_match_element</replaceable>; ... }; 593 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 594 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 595 allow-update { <replaceable>address_match_element</replaceable>; ... }; 596 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 597 update-policy <replaceable>local</replaceable> | <replaceable> { 598 ( grant | deny ) <replaceable>string</replaceable> 599 ( name | subdomain | wildcard | self | selfsub | selfwild | 600 krb5-self | ms-self | krb5-subdomain | ms-subdomain | 601 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable> 602 <replaceable>rrtypelist</replaceable>; 603 <optional>...</optional> 604 }</replaceable>; 605 update-check-ksk <replaceable>boolean</replaceable>; 606 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 607 608 masterfile-format ( text | raw ); 609 notify <replaceable>notifytype</replaceable>; 610 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 611 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 612 notify-delay <replaceable>seconds</replaceable>; 613 notify-to-soa <replaceable>boolean</replaceable>; 614 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 615 <optional> port <replaceable>integer</replaceable> </optional>; ... 616 <optional> key <replaceable>keyname</replaceable> </optional> ... }; 617 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 618 619 forward ( first | only ); 620 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 621 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 622 }; 623 624 max-journal-size <replaceable>size_no_default</replaceable>; 625 max-transfer-time-in <replaceable>integer</replaceable>; 626 max-transfer-time-out <replaceable>integer</replaceable>; 627 max-transfer-idle-in <replaceable>integer</replaceable>; 628 max-transfer-idle-out <replaceable>integer</replaceable>; 629 max-retry-time <replaceable>integer</replaceable>; 630 min-retry-time <replaceable>integer</replaceable>; 631 max-refresh-time <replaceable>integer</replaceable>; 632 min-refresh-time <replaceable>integer</replaceable>; 633 multi-master <replaceable>boolean</replaceable>; 634 request-ixfr <replaceable>boolean</replaceable>; 635 sig-validity-interval <replaceable>integer</replaceable>; 636 637 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 638 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 639 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 640 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 641 642 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 643 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 644 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 645 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 646 use-alt-transfer-source <replaceable>boolean</replaceable>; 647 648 zone-statistics <replaceable>boolean</replaceable>; 649 try-tcp-refresh <replaceable>boolean</replaceable>; 650 key-directory <replaceable>quoted_string</replaceable>; 651 652 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only 653 654 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete 655 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete 656 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 657 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 658 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete 659}; 660</literallayout> 661 </refsect1> 662 663 <refsect1> 664 <title>FILES</title> 665 <para><filename>/etc/named.conf</filename> 666 </para> 667 </refsect1> 668 669 <refsect1> 670 <title>SEE ALSO</title> 671 <para><citerefentry> 672 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 673 </citerefentry>, 674 <citerefentry> 675 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> 676 </citerefentry>, 677 <citerefentry> 678 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> 679 </citerefentry>, 680 <citetitle>BIND 9 Administrator Reference Manual</citetitle>. 681 </para> 682 </refsect1> 683 684</refentry><!-- 685 - Local variables: 686 - mode: sgml 687 - End: 688--> 689