1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") 6 - 7 - Permission to use, copy, modify, and/or distribute this software for any 8 - purpose with or without fee is hereby granted, provided that the above 9 - copyright notice and this permission notice appear in all copies. 10 - 11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 - PERFORMANCE OF THIS SOFTWARE. 18--> 19 20<!-- $Id: named.conf.docbook,v 1.49.14.2 2011/11/07 00:31:47 marka Exp $ --> 21<refentry> 22 <refentryinfo> 23 <date>Aug 13, 2004</date> 24 </refentryinfo> 25 26 <refmeta> 27 <refentrytitle><filename>named.conf</filename></refentrytitle> 28 <manvolnum>5</manvolnum> 29 <refmiscinfo>BIND9</refmiscinfo> 30 </refmeta> 31 32 <refnamediv> 33 <refname><filename>named.conf</filename></refname> 34 <refpurpose>configuration file for named</refpurpose> 35 </refnamediv> 36 37 <docinfo> 38 <copyright> 39 <year>2004</year> 40 <year>2005</year> 41 <year>2006</year> 42 <year>2007</year> 43 <year>2008</year> 44 <year>2009</year> 45 <year>2010</year> 46 <year>2011</year> 47 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 48 </copyright> 49 </docinfo> 50 51 <refsynopsisdiv> 52 <cmdsynopsis> 53 <command>named.conf</command> 54 </cmdsynopsis> 55 </refsynopsisdiv> 56 57 <refsect1> 58 <title>DESCRIPTION</title> 59 <para><filename>named.conf</filename> is the configuration file 60 for 61 <command>named</command>. Statements are enclosed 62 in braces and terminated with a semi-colon. Clauses in 63 the statements are also semi-colon terminated. The usual 64 comment styles are supported: 65 </para> 66 <para> 67 C style: /* */ 68 </para> 69 <para> 70 C++ style: // to end of line 71 </para> 72 <para> 73 Unix style: # to end of line 74 </para> 75 </refsect1> 76 77 <refsect1> 78 <title>ACL</title> 79 <literallayout> 80acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... }; 81 82</literallayout> 83 </refsect1> 84 85 <refsect1> 86 <title>KEY</title> 87 <literallayout> 88key <replaceable>domain_name</replaceable> { 89 algorithm <replaceable>string</replaceable>; 90 secret <replaceable>string</replaceable>; 91}; 92</literallayout> 93 </refsect1> 94 95 <refsect1> 96 <title>MASTERS</title> 97 <literallayout> 98masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> { 99 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 100 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... 101}; 102</literallayout> 103 </refsect1> 104 105 <refsect1> 106 <title>SERVER</title> 107 <literallayout> 108server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { 109 bogus <replaceable>boolean</replaceable>; 110 edns <replaceable>boolean</replaceable>; 111 edns-udp-size <replaceable>integer</replaceable>; 112 max-udp-size <replaceable>integer</replaceable>; 113 provide-ixfr <replaceable>boolean</replaceable>; 114 request-ixfr <replaceable>boolean</replaceable>; 115 keys <replaceable>server_key</replaceable>; 116 transfers <replaceable>integer</replaceable>; 117 transfer-format ( many-answers | one-answer ); 118 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 119 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 120 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 121 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 122 123 support-ixfr <replaceable>boolean</replaceable>; // obsolete 124}; 125</literallayout> 126 </refsect1> 127 128 <refsect1> 129 <title>TRUSTED-KEYS</title> 130 <literallayout> 131trusted-keys { 132 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 133}; 134</literallayout> 135 </refsect1> 136 137 <refsect1> 138 <title>MANAGED-KEYS</title> 139 <literallayout> 140managed-keys { 141 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 142}; 143</literallayout> 144 </refsect1> 145 146 <refsect1> 147 <title>CONTROLS</title> 148 <literallayout> 149controls { 150 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * ) 151 <optional> port ( <replaceable>integer</replaceable> | * ) </optional> 152 allow { <replaceable>address_match_element</replaceable>; ... } 153 <optional> keys { <replaceable>string</replaceable>; ... } </optional>; 154 unix <replaceable>unsupported</replaceable>; // not implemented 155}; 156</literallayout> 157 </refsect1> 158 159 <refsect1> 160 <title>LOGGING</title> 161 <literallayout> 162logging { 163 channel <replaceable>string</replaceable> { 164 file <replaceable>log_file</replaceable>; 165 syslog <replaceable>optional_facility</replaceable>; 166 null; 167 stderr; 168 severity <replaceable>log_severity</replaceable>; 169 print-time <replaceable>boolean</replaceable>; 170 print-severity <replaceable>boolean</replaceable>; 171 print-category <replaceable>boolean</replaceable>; 172 }; 173 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 174}; 175</literallayout> 176 </refsect1> 177 178 <refsect1> 179 <title>LWRES</title> 180 <literallayout> 181lwres { 182 listen-on <optional> port <replaceable>integer</replaceable> </optional> { 183 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 184 }; 185 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>; 186 search { <replaceable>string</replaceable>; ... }; 187 ndots <replaceable>integer</replaceable>; 188}; 189</literallayout> 190 </refsect1> 191 192 <refsect1> 193 <title>OPTIONS</title> 194 <literallayout> 195options { 196 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... }; 197 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... }; 198 blackhole { <replaceable>address_match_element</replaceable>; ... }; 199 coresize <replaceable>size</replaceable>; 200 datasize <replaceable>size</replaceable>; 201 directory <replaceable>quoted_string</replaceable>; 202 dump-file <replaceable>quoted_string</replaceable>; 203 files <replaceable>size</replaceable>; 204 heartbeat-interval <replaceable>integer</replaceable>; 205 host-statistics <replaceable>boolean</replaceable>; // not implemented 206 host-statistics-max <replaceable>number</replaceable>; // not implemented 207 hostname ( <replaceable>quoted_string</replaceable> | none ); 208 interface-interval <replaceable>integer</replaceable>; 209 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; 210 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; 211 match-mapped-addresses <replaceable>boolean</replaceable>; 212 memstatistics-file <replaceable>quoted_string</replaceable>; 213 pid-file ( <replaceable>quoted_string</replaceable> | none ); 214 port <replaceable>integer</replaceable>; 215 querylog <replaceable>boolean</replaceable>; 216 recursing-file <replaceable>quoted_string</replaceable>; 217 reserved-sockets <replaceable>integer</replaceable>; 218 random-device <replaceable>quoted_string</replaceable>; 219 recursive-clients <replaceable>integer</replaceable>; 220 serial-query-rate <replaceable>integer</replaceable>; 221 server-id ( <replaceable>quoted_string</replaceable> | none |; 222 stacksize <replaceable>size</replaceable>; 223 statistics-file <replaceable>quoted_string</replaceable>; 224 statistics-interval <replaceable>integer</replaceable>; // not yet implemented 225 tcp-clients <replaceable>integer</replaceable>; 226 tcp-listen-queue <replaceable>integer</replaceable>; 227 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>; 228 tkey-gssapi-credential <replaceable>quoted_string</replaceable>; 229 tkey-gssapi-keytab <replaceable>quoted_string</replaceable>; 230 tkey-domain <replaceable>quoted_string</replaceable>; 231 transfers-per-ns <replaceable>integer</replaceable>; 232 transfers-in <replaceable>integer</replaceable>; 233 transfers-out <replaceable>integer</replaceable>; 234 use-ixfr <replaceable>boolean</replaceable>; 235 version ( <replaceable>quoted_string</replaceable> | none ); 236 allow-recursion { <replaceable>address_match_element</replaceable>; ... }; 237 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; 238 sortlist { <replaceable>address_match_element</replaceable>; ... }; 239 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented 240 auth-nxdomain <replaceable>boolean</replaceable>; // default changed 241 minimal-responses <replaceable>boolean</replaceable>; 242 recursion <replaceable>boolean</replaceable>; 243 rrset-order { 244 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> 245 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... 246 }; 247 provide-ixfr <replaceable>boolean</replaceable>; 248 request-ixfr <replaceable>boolean</replaceable>; 249 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented 250 additional-from-auth <replaceable>boolean</replaceable>; 251 additional-from-cache <replaceable>boolean</replaceable>; 252 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 253 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 254 use-queryport-pool <replaceable>boolean</replaceable>; 255 queryport-pool-ports <replaceable>integer</replaceable>; 256 queryport-pool-updateinterval <replaceable>integer</replaceable>; 257 cleaning-interval <replaceable>integer</replaceable>; 258 resolver-query-timeout <replaceable>integer</replaceable>; 259 min-roots <replaceable>integer</replaceable>; // not implemented 260 lame-ttl <replaceable>integer</replaceable>; 261 max-ncache-ttl <replaceable>integer</replaceable>; 262 max-cache-ttl <replaceable>integer</replaceable>; 263 transfer-format ( many-answers | one-answer ); 264 max-cache-size <replaceable>size</replaceable>; 265 max-acache-size <replaceable>size</replaceable>; 266 clients-per-query <replaceable>number</replaceable>; 267 max-clients-per-query <replaceable>number</replaceable>; 268 check-names ( master | slave | response ) 269 ( fail | warn | ignore ); 270 check-mx ( fail | warn | ignore ); 271 check-integrity <replaceable>boolean</replaceable>; 272 check-mx-cname ( fail | warn | ignore ); 273 check-srv-cname ( fail | warn | ignore ); 274 cache-file <replaceable>quoted_string</replaceable>; // test option 275 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented 276 preferred-glue <replaceable>string</replaceable>; 277 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { 278 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 279 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 280 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... 281 }; 282 edns-udp-size <replaceable>integer</replaceable>; 283 max-udp-size <replaceable>integer</replaceable>; 284 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; 285 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 286 dnssec-enable <replaceable>boolean</replaceable>; 287 dnssec-validation <replaceable>boolean</replaceable>; 288 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); 289 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; 290 dnssec-accept-expired <replaceable>boolean</replaceable>; 291 292 dns64-server <replaceable>string</replaceable>; 293 dns64-contact <replaceable>string</replaceable>; 294 dns64 <replaceable>prefix</replaceable> { 295 clients { <replacable>acl</replacable>; }; 296 exclude { <replacable>acl</replacable>; }; 297 mapped { <replacable>acl</replacable>; }; 298 break-dnssec <replaceable>boolean</replaceable>; 299 recursive-only <replaceable>boolean</replaceable>; 300 suffix <replaceable>ipv6_address</replaceable>; 301 }; 302 303 empty-server <replaceable>string</replaceable>; 304 empty-contact <replaceable>string</replaceable>; 305 empty-zones-enable <replaceable>boolean</replaceable>; 306 disable-empty-zone <replaceable>string</replaceable>; 307 308 dialup <replaceable>dialuptype</replaceable>; 309 ixfr-from-differences <replaceable>ixfrdiff</replaceable>; 310 311 allow-query { <replaceable>address_match_element</replaceable>; ... }; 312 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 313 allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; 314 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; 315 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 316 allow-update { <replaceable>address_match_element</replaceable>; ... }; 317 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 318 update-check-ksk <replaceable>boolean</replaceable>; 319 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 320 321 masterfile-format ( text | raw ); 322 notify <replaceable>notifytype</replaceable>; 323 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 324 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 325 notify-delay <replaceable>seconds</replaceable>; 326 notify-to-soa <replaceable>boolean</replaceable>; 327 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 328 <optional> port <replaceable>integer</replaceable> </optional>; ... }; 329 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 330 331 forward ( first | only ); 332 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 333 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 334 }; 335 336 max-journal-size <replaceable>size_no_default</replaceable>; 337 max-transfer-time-in <replaceable>integer</replaceable>; 338 max-transfer-time-out <replaceable>integer</replaceable>; 339 max-transfer-idle-in <replaceable>integer</replaceable>; 340 max-transfer-idle-out <replaceable>integer</replaceable>; 341 max-retry-time <replaceable>integer</replaceable>; 342 min-retry-time <replaceable>integer</replaceable>; 343 max-refresh-time <replaceable>integer</replaceable>; 344 min-refresh-time <replaceable>integer</replaceable>; 345 multi-master <replaceable>boolean</replaceable>; 346 347 sig-validity-interval <replaceable>integer</replaceable>; 348 sig-re-signing-interval <replaceable>integer</replaceable>; 349 sig-signing-nodes <replaceable>integer</replaceable>; 350 sig-signing-signatures <replaceable>integer</replaceable>; 351 sig-signing-type <replaceable>integer</replaceable>; 352 353 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 354 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 355 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 356 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 357 358 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 359 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 360 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 361 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 362 use-alt-transfer-source <replaceable>boolean</replaceable>; 363 364 zone-statistics <replaceable>boolean</replaceable>; 365 key-directory <replaceable>quoted_string</replaceable>; 366 managed-keys-directory <replaceable>quoted_string</replaceable>; 367 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>; 368 try-tcp-refresh <replaceable>boolean</replaceable>; 369 zero-no-soa-ttl <replaceable>boolean</replaceable>; 370 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; 371 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 372 deny-answer-addresses { 373 <replaceable>address_match_list</replaceable> 374 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; 375 deny-answer-aliases { 376 <replaceable>namelist</replaceable> 377 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; 378 379 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only 380 381 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete 382 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete 383 fake-iquery <replaceable>boolean</replaceable>; // obsolete 384 fetch-glue <replaceable>boolean</replaceable>; // obsolete 385 has-old-clients <replaceable>boolean</replaceable>; // obsolete 386 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 387 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 388 multiple-cnames <replaceable>boolean</replaceable>; // obsolete 389 named-xfer <replaceable>quoted_string</replaceable>; // obsolete 390 serial-queries <replaceable>integer</replaceable>; // obsolete 391 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete 392 use-id-pool <replaceable>boolean</replaceable>; // obsolete 393}; 394</literallayout> 395 </refsect1> 396 397 <refsect1> 398 <title>VIEW</title> 399 <literallayout> 400view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 401 match-clients { <replaceable>address_match_element</replaceable>; ... }; 402 match-destinations { <replaceable>address_match_element</replaceable>; ... }; 403 match-recursive-only <replaceable>boolean</replaceable>; 404 405 key <replaceable>string</replaceable> { 406 algorithm <replaceable>string</replaceable>; 407 secret <replaceable>string</replaceable>; 408 }; 409 410 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 411 ... 412 }; 413 414 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { 415 ... 416 }; 417 418 trusted-keys { 419 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; 420 <optional>...</optional> 421 }; 422 423 allow-recursion { <replaceable>address_match_element</replaceable>; ... }; 424 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; 425 sortlist { <replaceable>address_match_element</replaceable>; ... }; 426 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented 427 auth-nxdomain <replaceable>boolean</replaceable>; // default changed 428 minimal-responses <replaceable>boolean</replaceable>; 429 recursion <replaceable>boolean</replaceable>; 430 rrset-order { 431 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> 432 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... 433 }; 434 provide-ixfr <replaceable>boolean</replaceable>; 435 request-ixfr <replaceable>boolean</replaceable>; 436 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented 437 additional-from-auth <replaceable>boolean</replaceable>; 438 additional-from-cache <replaceable>boolean</replaceable>; 439 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 440 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 441 use-queryport-pool <replaceable>boolean</replaceable>; 442 queryport-pool-ports <replaceable>integer</replaceable>; 443 queryport-pool-updateinterval <replaceable>integer</replaceable>; 444 cleaning-interval <replaceable>integer</replaceable>; 445 resolver-query-timeout <replaceable>integer</replaceable>; 446 min-roots <replaceable>integer</replaceable>; // not implemented 447 lame-ttl <replaceable>integer</replaceable>; 448 max-ncache-ttl <replaceable>integer</replaceable>; 449 max-cache-ttl <replaceable>integer</replaceable>; 450 transfer-format ( many-answers | one-answer ); 451 max-cache-size <replaceable>size</replaceable>; 452 max-acache-size <replaceable>size</replaceable>; 453 clients-per-query <replaceable>number</replaceable>; 454 max-clients-per-query <replaceable>number</replaceable>; 455 check-names ( master | slave | response ) 456 ( fail | warn | ignore ); 457 check-mx ( fail | warn | ignore ); 458 check-integrity <replaceable>boolean</replaceable>; 459 check-mx-cname ( fail | warn | ignore ); 460 check-srv-cname ( fail | warn | ignore ); 461 cache-file <replaceable>quoted_string</replaceable>; // test option 462 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented 463 preferred-glue <replaceable>string</replaceable>; 464 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { 465 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 466 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 467 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... 468 }; 469 edns-udp-size <replaceable>integer</replaceable>; 470 max-udp-size <replaceable>integer</replaceable>; 471 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; 472 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; 473 dnssec-enable <replaceable>boolean</replaceable>; 474 dnssec-validation <replaceable>boolean</replaceable>; 475 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); 476 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; 477 dnssec-accept-expired <replaceable>boolean</replaceable>; 478 479 dns64-server <replaceable>string</replaceable>; 480 dns64-contact <replaceable>string</replaceable>; 481 dns64 <replaceable>prefix</replaceable> { 482 clients { <replacable>acl</replacable>; }; 483 exclude { <replacable>acl</replacable>; }; 484 mapped { <replacable>acl</replacable>; }; 485 break-dnssec <replaceable>boolean</replaceable>; 486 recursive-only <replaceable>boolean</replaceable>; 487 suffix <replaceable>ipv6_address</replaceable>; 488 }; 489 490 empty-server <replaceable>string</replaceable>; 491 empty-contact <replaceable>string</replaceable>; 492 empty-zones-enable <replaceable>boolean</replaceable>; 493 disable-empty-zone <replaceable>string</replaceable>; 494 495 dialup <replaceable>dialuptype</replaceable>; 496 ixfr-from-differences <replaceable>ixfrdiff</replaceable>; 497 498 allow-query { <replaceable>address_match_element</replaceable>; ... }; 499 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 500 allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; 501 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; 502 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 503 allow-update { <replaceable>address_match_element</replaceable>; ... }; 504 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 505 update-check-ksk <replaceable>boolean</replaceable>; 506 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 507 508 masterfile-format ( text | raw ); 509 notify <replaceable>notifytype</replaceable>; 510 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 511 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 512 notify-delay <replaceable>seconds</replaceable>; 513 notify-to-soa <replaceable>boolean</replaceable>; 514 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 515 <optional> port <replaceable>integer</replaceable> </optional>; ... }; 516 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 517 518 forward ( first | only ); 519 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 520 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 521 }; 522 523 max-journal-size <replaceable>size_no_default</replaceable>; 524 max-transfer-time-in <replaceable>integer</replaceable>; 525 max-transfer-time-out <replaceable>integer</replaceable>; 526 max-transfer-idle-in <replaceable>integer</replaceable>; 527 max-transfer-idle-out <replaceable>integer</replaceable>; 528 max-retry-time <replaceable>integer</replaceable>; 529 min-retry-time <replaceable>integer</replaceable>; 530 max-refresh-time <replaceable>integer</replaceable>; 531 min-refresh-time <replaceable>integer</replaceable>; 532 multi-master <replaceable>boolean</replaceable>; 533 sig-validity-interval <replaceable>integer</replaceable>; 534 535 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 536 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 537 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 538 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 539 540 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 541 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 542 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 543 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 544 use-alt-transfer-source <replaceable>boolean</replaceable>; 545 546 zone-statistics <replaceable>boolean</replaceable>; 547 try-tcp-refresh <replaceable>boolean</replaceable>; 548 key-directory <replaceable>quoted_string</replaceable>; 549 zero-no-soa-ttl <replaceable>boolean</replaceable>; 550 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; 551 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 552 553 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete 554 fetch-glue <replaceable>boolean</replaceable>; // obsolete 555 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 556 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 557}; 558</literallayout> 559 </refsect1> 560 561 <refsect1> 562 <title>ZONE</title> 563 <literallayout> 564zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { 565 type ( master | slave | stub | hint | 566 forward | delegation-only ); 567 file <replaceable>quoted_string</replaceable>; 568 569 masters <optional> port <replaceable>integer</replaceable> </optional> { 570 ( <replaceable>masters</replaceable> | 571 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | 572 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... 573 }; 574 575 database <replaceable>string</replaceable>; 576 delegation-only <replaceable>boolean</replaceable>; 577 check-names ( fail | warn | ignore ); 578 check-mx ( fail | warn | ignore ); 579 check-integrity <replaceable>boolean</replaceable>; 580 check-mx-cname ( fail | warn | ignore ); 581 check-srv-cname ( fail | warn | ignore ); 582 dialup <replaceable>dialuptype</replaceable>; 583 ixfr-from-differences <replaceable>boolean</replaceable>; 584 journal <replaceable>quoted_string</replaceable>; 585 zero-no-soa-ttl <replaceable>boolean</replaceable>; 586 dnssec-secure-to-insecure <replaceable>boolean</replaceable>; 587 588 allow-query { <replaceable>address_match_element</replaceable>; ... }; 589 allow-query-on { <replaceable>address_match_element</replaceable>; ... }; 590 allow-transfer { <replaceable>address_match_element</replaceable>; ... }; 591 allow-update { <replaceable>address_match_element</replaceable>; ... }; 592 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; 593 update-policy <replaceable>local</replaceable> | <replaceable> { 594 ( grant | deny ) <replaceable>string</replaceable> 595 ( name | subdomain | wildcard | self | selfsub | selfwild | 596 krb5-self | ms-self | krb5-subdomain | ms-subdomain | 597 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable> 598 <replaceable>rrtypelist</replaceable>; 599 <optional>...</optional> 600 }</replaceable>; 601 update-check-ksk <replaceable>boolean</replaceable>; 602 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; 603 604 masterfile-format ( text | raw ); 605 notify <replaceable>notifytype</replaceable>; 606 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 607 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 608 notify-delay <replaceable>seconds</replaceable>; 609 notify-to-soa <replaceable>boolean</replaceable>; 610 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) 611 <optional> port <replaceable>integer</replaceable> </optional>; ... }; 612 allow-notify { <replaceable>address_match_element</replaceable>; ... }; 613 614 forward ( first | only ); 615 forwarders <optional> port <replaceable>integer</replaceable> </optional> { 616 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... 617 }; 618 619 max-journal-size <replaceable>size_no_default</replaceable>; 620 max-transfer-time-in <replaceable>integer</replaceable>; 621 max-transfer-time-out <replaceable>integer</replaceable>; 622 max-transfer-idle-in <replaceable>integer</replaceable>; 623 max-transfer-idle-out <replaceable>integer</replaceable>; 624 max-retry-time <replaceable>integer</replaceable>; 625 min-retry-time <replaceable>integer</replaceable>; 626 max-refresh-time <replaceable>integer</replaceable>; 627 min-refresh-time <replaceable>integer</replaceable>; 628 multi-master <replaceable>boolean</replaceable>; 629 sig-validity-interval <replaceable>integer</replaceable>; 630 631 transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 632 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 633 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 634 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 635 636 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) 637 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 638 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) 639 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; 640 use-alt-transfer-source <replaceable>boolean</replaceable>; 641 642 zone-statistics <replaceable>boolean</replaceable>; 643 try-tcp-refresh <replaceable>boolean</replaceable>; 644 key-directory <replaceable>quoted_string</replaceable>; 645 646 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only 647 648 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete 649 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete 650 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete 651 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete 652 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete 653}; 654</literallayout> 655 </refsect1> 656 657 <refsect1> 658 <title>FILES</title> 659 <para><filename>/etc/named.conf</filename> 660 </para> 661 </refsect1> 662 663 <refsect1> 664 <title>SEE ALSO</title> 665 <para><citerefentry> 666 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 667 </citerefentry>, 668 <citerefentry> 669 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> 670 </citerefentry>, 671 <citerefentry> 672 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> 673 </citerefentry>, 674 <citetitle>BIND 9 Administrator Reference Manual</citetitle>. 675 </para> 676 </refsect1> 677 678</refentry><!-- 679 - Local variables: 680 - mode: sgml 681 - End: 682--> 683