2 This is a summary of the named.conf options supported by
3 this version of BIND 9.
5 acl <string> { <address_match_element>; ... };
8 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
9 ) ] allow { <address_match_element>; ... } [ keys { <string>;
11 unix <quoted_string> perm <integer> owner <integer> group <integer>
12 [ keys { <string>; ... } ];
25 category <string> { <string>; ... };
27 file <quoted_string> [ versions ( "unlimited" | <integer> )
30 print-category <boolean>;
31 print-severity <boolean>;
33 severity <log_severity>;
35 syslog <optional_facility>;
40 listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
41 [ port <integer> ]; ... };
43 search { <string>; ... };
44 view <string> <optional_class>;
47 masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
48 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
51 acache-cleaning-interval <integer>;
52 acache-enable <boolean>;
53 additional-from-auth <boolean>;
54 additional-from-cache <boolean>;
55 allow-notify { <address_match_element>; ... };
56 allow-query { <address_match_element>; ... };
57 allow-query-cache { <address_match_element>; ... };
58 allow-query-cache-on { <address_match_element>; ... };
59 allow-query-on { <address_match_element>; ... };
60 allow-recursion { <address_match_element>; ... };
61 allow-recursion-on { <address_match_element>; ... };
62 allow-transfer { <address_match_element>; ... };
63 allow-update { <address_match_element>; ... };
64 allow-update-forwarding { <address_match_element>; ... };
65 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
66 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
67 ) [ port <integer> ]; ... };
68 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
69 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
71 auth-nxdomain <boolean>; // default changed
72 avoid-v4-udp-ports { <portrange>; ... };
73 avoid-v6-udp-ports { <portrange>; ... };
74 blackhole { <address_match_element>; ... };
75 cache-file <quoted_string>;
76 check-integrity <boolean>;
77 check-mx ( fail | warn | ignore );
78 check-mx-cname ( fail | warn | ignore );
79 check-names ( master | slave | response ) ( fail | warn | ignore );
80 check-sibling <boolean>;
81 check-srv-cname ( fail | warn | ignore );
82 check-wildcard <boolean>;
83 cleaning-interval <integer>;
84 clients-per-query <integer>;
87 deallocate-on-exit <boolean>; // obsolete
89 directory <quoted_string>;
90 disable-algorithms <string> { <string>; ... };
91 disable-empty-zone <string>;
92 dnssec-accept-expired <boolean>;
93 dnssec-enable <boolean>;
94 dnssec-lookaside <string> trust-anchor <string>;
95 dnssec-must-be-secure <string> <boolean>;
96 dnssec-validation <boolean>;
97 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
98 <integer> ] | <ipv4_address> [ port <integer> ] |
99 <ipv6_address> [ port <integer> ] ); ... };
100 dump-file <quoted_string>;
101 edns-udp-size <integer>;
102 empty-contact <string>;
103 empty-server <string>;
104 empty-zones-enable <boolean>;
105 fake-iquery <boolean>; // obsolete
106 fetch-glue <boolean>; // obsolete
108 flush-zones-on-shutdown <boolean>;
109 forward ( first | only );
110 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
111 [ port <integer> ]; ... };
112 has-old-clients <boolean>; // obsolete
113 heartbeat-interval <integer>;
114 host-statistics <boolean>; // not implemented
115 host-statistics-max <integer>; // not implemented
116 hostname ( <quoted_string> | none );
117 interface-interval <integer>;
118 ixfr-from-differences <ixfrdiff>;
119 key-directory <quoted_string>;
121 listen-on [ port <integer> ] { <address_match_element>; ... };
122 listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
123 maintain-ixfr-base <boolean>; // obsolete
124 masterfile-format ( text | raw );
125 match-mapped-addresses <boolean>;
126 max-acache-size <size_no_default>;
127 max-cache-size <size_no_default>;
128 max-cache-ttl <integer>;
129 max-clients-per-query <integer>;
130 max-ixfr-log-size <size>; // obsolete
131 max-journal-size <size_no_default>;
132 max-ncache-ttl <integer>;
133 max-refresh-time <integer>;
134 max-retry-time <integer>;
135 max-transfer-idle-in <integer>;
136 max-transfer-idle-out <integer>;
137 max-transfer-time-in <integer>;
138 max-transfer-time-out <integer>;
139 max-udp-size <integer>;
140 memstatistics <boolean>;
141 memstatistics-file <quoted_string>;
142 min-refresh-time <integer>;
143 min-retry-time <integer>;
144 min-roots <integer>; // not implemented
145 minimal-responses <boolean>;
146 multi-master <boolean>;
147 multiple-cnames <boolean>; // obsolete
148 named-xfer <quoted_string>; // obsolete
150 notify-delay <integer>;
151 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
152 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
153 notify-to-soa <boolean>;
154 nsec3-test-zone <boolean>; // test only
155 pid-file ( <quoted_string> | none );
157 preferred-glue <string>;
158 provide-ixfr <boolean>;
159 query-source <querysource4>;
160 query-source-v6 <querysource6>;
162 queryport-pool-ports <integer>; // obsolete
163 queryport-pool-updateinterval <integer>; // obsolete
164 random-device <quoted_string>;
165 recursing-file <quoted_string>;
167 recursive-clients <integer>;
168 request-ixfr <boolean>;
169 request-nsid <boolean>;
170 reserved-sockets <integer>;
171 rfc2308-type1 <boolean>; // not yet implemented
172 root-delegation-only [ exclude { <quoted_string>; ... } ];
173 rrset-order { [ class <string> ] [ type <string> ] [ name
174 <quoted_string> ] <string> <string>; ... };
175 serial-queries <integer>; // obsolete
176 serial-query-rate <integer>;
177 server-id ( <quoted_string> | none |;
178 sig-signing-nodes <integer>;
179 sig-signing-signatures <integer>;
180 sig-signing-type <integer>;
181 sig-validity-interval <integer> [ <integer> ];
182 sortlist { <address_match_element>; ... };
184 statistics-file <quoted_string>;
185 statistics-interval <integer>; // not yet implemented
186 suppress-initial-notify <boolean>; // not yet implemented
187 tcp-clients <integer>;
188 tcp-listen-queue <integer>;
189 tkey-dhkey <quoted_string> <integer>;
190 tkey-domain <quoted_string>;
191 tkey-gssapi-credential <quoted_string>;
192 topology { <address_match_element>; ... }; // not implemented
193 transfer-format ( many-answers | one-answer );
194 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
195 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
196 transfers-in <integer>;
197 transfers-out <integer>;
198 transfers-per-ns <integer>;
199 treat-cr-as-space <boolean>; // obsolete
200 try-tcp-refresh <boolean>;
201 update-check-ksk <boolean>;
202 use-alt-transfer-source <boolean>;
203 use-id-pool <boolean>; // obsolete
205 use-queryport-pool <boolean>; // obsolete
206 use-v4-udp-ports { <portrange>; ... };
207 use-v6-udp-ports { <portrange>; ... };
208 version ( <quoted_string> | none );
209 zero-no-soa-ttl <boolean>;
210 zero-no-soa-ttl-cache <boolean>;
211 zone-statistics <boolean>;
217 edns-udp-size <integer>;
219 max-udp-size <integer>;
220 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
221 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
222 provide-ixfr <boolean>;
223 query-source <querysource4>;
224 query-source-v6 <querysource6>;
225 request-ixfr <boolean>;
226 support-ixfr <boolean>; // obsolete
227 transfer-format ( many-answers | one-answer );
228 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
229 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
233 statistics-channels {
234 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
235 ) ] [ allow { <address_match_element>; ... } ];
238 trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
240 view <string> <optional_class> {
241 acache-cleaning-interval <integer>;
242 acache-enable <boolean>;
243 additional-from-auth <boolean>;
244 additional-from-cache <boolean>;
245 allow-notify { <address_match_element>; ... };
246 allow-query { <address_match_element>; ... };
247 allow-query-cache { <address_match_element>; ... };
248 allow-query-cache-on { <address_match_element>; ... };
249 allow-query-on { <address_match_element>; ... };
250 allow-recursion { <address_match_element>; ... };
251 allow-recursion-on { <address_match_element>; ... };
252 allow-transfer { <address_match_element>; ... };
253 allow-update { <address_match_element>; ... };
254 allow-update-forwarding { <address_match_element>; ... };
255 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
256 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
257 ) [ port <integer> ]; ... };
258 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
259 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
261 auth-nxdomain <boolean>; // default changed
262 cache-file <quoted_string>;
263 check-integrity <boolean>;
264 check-mx ( fail | warn | ignore );
265 check-mx-cname ( fail | warn | ignore );
266 check-names ( master | slave | response ) ( fail | warn | ignore );
267 check-sibling <boolean>;
268 check-srv-cname ( fail | warn | ignore );
269 check-wildcard <boolean>;
270 cleaning-interval <integer>;
271 clients-per-query <integer>;
274 disable-algorithms <string> { <string>; ... };
275 disable-empty-zone <string>;
279 dnssec-accept-expired <boolean>;
280 dnssec-enable <boolean>;
281 dnssec-lookaside <string> trust-anchor <string>;
282 dnssec-must-be-secure <string> <boolean>;
283 dnssec-validation <boolean>;
284 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
285 <integer> ] | <ipv4_address> [ port <integer> ] |
286 <ipv6_address> [ port <integer> ] ); ... };
287 edns-udp-size <integer>;
288 empty-contact <string>;
289 empty-server <string>;
290 empty-zones-enable <boolean>;
291 fetch-glue <boolean>; // obsolete
292 forward ( first | only );
293 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
294 [ port <integer> ]; ... };
295 ixfr-from-differences <ixfrdiff>;
300 key-directory <quoted_string>;
302 maintain-ixfr-base <boolean>; // obsolete
303 masterfile-format ( text | raw );
304 match-clients { <address_match_element>; ... };
305 match-destinations { <address_match_element>; ... };
306 match-recursive-only <boolean>;
307 max-acache-size <size_no_default>;
308 max-cache-size <size_no_default>;
309 max-cache-ttl <integer>;
310 max-clients-per-query <integer>;
311 max-ixfr-log-size <size>; // obsolete
312 max-journal-size <size_no_default>;
313 max-ncache-ttl <integer>;
314 max-refresh-time <integer>;
315 max-retry-time <integer>;
316 max-transfer-idle-in <integer>;
317 max-transfer-idle-out <integer>;
318 max-transfer-time-in <integer>;
319 max-transfer-time-out <integer>;
320 max-udp-size <integer>;
321 min-refresh-time <integer>;
322 min-retry-time <integer>;
323 min-roots <integer>; // not implemented
324 minimal-responses <boolean>;
325 multi-master <boolean>;
327 notify-delay <integer>;
328 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
329 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
330 notify-to-soa <boolean>;
331 nsec3-test-zone <boolean>; // test only
332 preferred-glue <string>;
333 provide-ixfr <boolean>;
334 query-source <querysource4>;
335 query-source-v6 <querysource6>;
336 queryport-pool-ports <integer>; // obsolete
337 queryport-pool-updateinterval <integer>; // obsolete
339 request-ixfr <boolean>;
340 request-nsid <boolean>;
341 rfc2308-type1 <boolean>; // not yet implemented
342 root-delegation-only [ exclude { <quoted_string>; ... } ];
343 rrset-order { [ class <string> ] [ type <string> ] [ name
344 <quoted_string> ] <string> <string>; ... };
348 edns-udp-size <integer>;
350 max-udp-size <integer>;
351 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
353 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
355 provide-ixfr <boolean>;
356 query-source <querysource4>;
357 query-source-v6 <querysource6>;
358 request-ixfr <boolean>;
359 support-ixfr <boolean>; // obsolete
360 transfer-format ( many-answers | one-answer );
361 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
363 transfer-source-v6 ( <ipv6_address> | * ) [ port (
367 sig-signing-nodes <integer>;
368 sig-signing-signatures <integer>;
369 sig-signing-type <integer>;
370 sig-validity-interval <integer> [ <integer> ];
371 sortlist { <address_match_element>; ... };
372 suppress-initial-notify <boolean>; // not yet implemented
373 topology { <address_match_element>; ... }; // not implemented
374 transfer-format ( many-answers | one-answer );
375 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
376 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
377 trusted-keys { <string> <integer> <integer> <integer>
378 <quoted_string>; ... };
379 try-tcp-refresh <boolean>;
380 update-check-ksk <boolean>;
381 use-alt-transfer-source <boolean>;
382 use-queryport-pool <boolean>; // obsolete
383 zero-no-soa-ttl <boolean>;
384 zero-no-soa-ttl-cache <boolean>;
385 zone <string> <optional_class> {
386 allow-notify { <address_match_element>; ... };
387 allow-query { <address_match_element>; ... };
388 allow-query-on { <address_match_element>; ... };
389 allow-transfer { <address_match_element>; ... };
390 allow-update { <address_match_element>; ... };
391 allow-update-forwarding { <address_match_element>; ... };
392 also-notify [ port <integer> ] { ( <ipv4_address> |
393 <ipv6_address> ) [ port <integer> ]; ... };
394 alt-transfer-source ( <ipv4_address> | * ) [ port (
396 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
398 check-integrity <boolean>;
399 check-mx ( fail | warn | ignore );
400 check-mx-cname ( fail | warn | ignore );
401 check-names ( fail | warn | ignore );
402 check-sibling <boolean>;
403 check-srv-cname ( fail | warn | ignore );
404 check-wildcard <boolean>;
406 delegation-only <boolean>;
408 file <quoted_string>;
409 forward ( first | only );
410 forwarders [ port <integer> ] { ( <ipv4_address> |
411 <ipv6_address> ) [ port <integer> ]; ... };
412 ixfr-base <quoted_string>; // obsolete
413 ixfr-from-differences <boolean>;
414 ixfr-tmp-file <quoted_string>; // obsolete
415 journal <quoted_string>;
416 key-directory <quoted_string>;
417 maintain-ixfr-base <boolean>; // obsolete
418 masterfile-format ( text | raw );
419 masters [ port <integer> ] { ( <masters> | <ipv4_address> [
420 port <integer> ] | <ipv6_address> [ port <integer> ] )
421 [ key <string> ]; ... };
422 max-ixfr-log-size <size>; // obsolete
423 max-journal-size <size_no_default>;
424 max-refresh-time <integer>;
425 max-retry-time <integer>;
426 max-transfer-idle-in <integer>;
427 max-transfer-idle-out <integer>;
428 max-transfer-time-in <integer>;
429 max-transfer-time-out <integer>;
430 min-refresh-time <integer>;
431 min-retry-time <integer>;
432 multi-master <boolean>;
434 notify-delay <integer>;
435 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
437 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
439 notify-to-soa <boolean>;
440 nsec3-test-zone <boolean>; // test only
441 pubkey <integer> <integer> <integer>
442 <quoted_string>; // obsolete
443 sig-signing-nodes <integer>;
444 sig-signing-signatures <integer>;
445 sig-signing-type <integer>;
446 sig-validity-interval <integer> [ <integer> ];
447 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
449 transfer-source-v6 ( <ipv6_address> | * ) [ port (
451 try-tcp-refresh <boolean>;
452 type ( master | slave | stub | hint | forward |
454 update-check-ksk <boolean>;
455 update-policy { ( grant | deny ) <string> ( name |
456 subdomain | wildcard | self | selfsub | selfwild |
457 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
458 tcp-self | 6to4-self ) <string> <rrtypelist>; ... };
459 use-alt-transfer-source <boolean>;
460 zero-no-soa-ttl <boolean>;
461 zone-statistics <boolean>;
463 zone-statistics <boolean>;
466 zone <string> <optional_class> {
467 allow-notify { <address_match_element>; ... };
468 allow-query { <address_match_element>; ... };
469 allow-query-on { <address_match_element>; ... };
470 allow-transfer { <address_match_element>; ... };
471 allow-update { <address_match_element>; ... };
472 allow-update-forwarding { <address_match_element>; ... };
473 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
474 ) [ port <integer> ]; ... };
475 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
476 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
478 check-integrity <boolean>;
479 check-mx ( fail | warn | ignore );
480 check-mx-cname ( fail | warn | ignore );
481 check-names ( fail | warn | ignore );
482 check-sibling <boolean>;
483 check-srv-cname ( fail | warn | ignore );
484 check-wildcard <boolean>;
486 delegation-only <boolean>;
488 file <quoted_string>;
489 forward ( first | only );
490 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
491 [ port <integer> ]; ... };
492 ixfr-base <quoted_string>; // obsolete
493 ixfr-from-differences <boolean>;
494 ixfr-tmp-file <quoted_string>; // obsolete
495 journal <quoted_string>;
496 key-directory <quoted_string>;
497 maintain-ixfr-base <boolean>; // obsolete
498 masterfile-format ( text | raw );
499 masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
500 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
502 max-ixfr-log-size <size>; // obsolete
503 max-journal-size <size_no_default>;
504 max-refresh-time <integer>;
505 max-retry-time <integer>;
506 max-transfer-idle-in <integer>;
507 max-transfer-idle-out <integer>;
508 max-transfer-time-in <integer>;
509 max-transfer-time-out <integer>;
510 min-refresh-time <integer>;
511 min-retry-time <integer>;
512 multi-master <boolean>;
514 notify-delay <integer>;
515 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
516 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
517 notify-to-soa <boolean>;
518 nsec3-test-zone <boolean>; // test only
519 pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
520 sig-signing-nodes <integer>;
521 sig-signing-signatures <integer>;
522 sig-signing-type <integer>;
523 sig-validity-interval <integer> [ <integer> ];
524 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
525 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
526 try-tcp-refresh <boolean>;
527 type ( master | slave | stub | hint | forward | delegation-only );
528 update-check-ksk <boolean>;
529 update-policy { ( grant | deny ) <string> ( name | subdomain |
530 wildcard | self | selfsub | selfwild | krb5-self | ms-self |
531 krb5-subdomain | ms-subdomain | tcp-self | 6to4-self ) <string>
533 use-alt-transfer-source <boolean>;
534 zero-no-soa-ttl <boolean>;
535 zone-statistics <boolean>;