1 .\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13 .\" PERFORMANCE OF THIS SOFTWARE.
15 .\" $Id: named.conf.5,v 1.1.2.26 2007/08/19 23:26:13 marka Exp $
19 .\" Title: \fInamed.conf\fR
21 .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
22 .\" Date: Aug 13, 2004
26 .TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
27 .\" disable hyphenation
29 .\" disable justification (adjust text to left margin only)
32 named.conf \- configuration file for named
39 is the configuration file for
40 \fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
44 C++ style: // to end of line
46 Unix style: # to end of line
51 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
58 key \fIdomain_name\fR {
59 algorithm \fIstring\fR;
68 masters \fIstring\fR [ port \fIinteger\fR ] {
69 ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
70 \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
78 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
81 edns\-udp\-size \fIinteger\fR;
82 max\-udp\-size \fIinteger\fR;
83 provide\-ixfr \fIboolean\fR;
84 request\-ixfr \fIboolean\fR;
85 keys \fIserver_key\fR;
86 transfers \fIinteger\fR;
87 transfer\-format ( many\-answers | one\-answer );
88 transfer\-source ( \fIipv4_address\fR | * )
89 [ port ( \fIinteger\fR | * ) ];
90 transfer\-source\-v6 ( \fIipv6_address\fR | * )
91 [ port ( \fIinteger\fR | * ) ];
92 support\-ixfr \fIboolean\fR; // obsolete
101 \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
110 inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
111 [ port ( \fIinteger\fR | * ) ]
112 allow { \fIaddress_match_element\fR; ... }
113 [ keys { \fIstring\fR; ... } ];
114 unix \fIunsupported\fR; // not implemented
123 channel \fIstring\fR {
125 syslog \fIoptional_facility\fR;
128 severity \fIlog_severity\fR;
129 print\-time \fIboolean\fR;
130 print\-severity \fIboolean\fR;
131 print\-category \fIboolean\fR;
133 category \fIstring\fR { \fIstring\fR; ... };
142 listen\-on [ port \fIinteger\fR ] {
143 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
145 view \fIstring\fR \fIoptional_class\fR;
146 search { \fIstring\fR; ... };
156 avoid\-v4\-udp\-ports { \fIport\fR; ... };
157 avoid\-v6\-udp\-ports { \fIport\fR; ... };
158 blackhole { \fIaddress_match_element\fR; ... };
161 directory \fIquoted_string\fR;
162 dump\-file \fIquoted_string\fR;
164 heartbeat\-interval \fIinteger\fR;
165 host\-statistics \fIboolean\fR; // not implemented
166 host\-statistics\-max \fInumber\fR; // not implemented
167 hostname ( \fIquoted_string\fR | none );
168 interface\-interval \fIinteger\fR;
169 listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
170 listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
171 match\-mapped\-addresses \fIboolean\fR;
172 memstatistics\-file \fIquoted_string\fR;
173 pid\-file ( \fIquoted_string\fR | none );
175 querylog \fIboolean\fR;
176 recursing\-file \fIquoted_string\fR;
177 random\-device \fIquoted_string\fR;
178 recursive\-clients \fIinteger\fR;
179 serial\-query\-rate \fIinteger\fR;
180 server\-id ( \fIquoted_string\fR | none |;
181 stacksize \fIsize\fR;
182 statistics\-file \fIquoted_string\fR;
183 statistics\-interval \fIinteger\fR; // not yet implemented
184 tcp\-clients \fIinteger\fR;
185 tcp\-listen\-queue \fIinteger\fR;
186 tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
187 tkey\-gssapi\-credential \fIquoted_string\fR;
188 tkey\-domain \fIquoted_string\fR;
189 transfers\-per\-ns \fIinteger\fR;
190 transfers\-in \fIinteger\fR;
191 transfers\-out \fIinteger\fR;
192 use\-ixfr \fIboolean\fR;
193 version ( \fIquoted_string\fR | none );
194 allow\-recursion { \fIaddress_match_element\fR; ... };
195 sortlist { \fIaddress_match_element\fR; ... };
196 topology { \fIaddress_match_element\fR; ... }; // not implemented
197 auth\-nxdomain \fIboolean\fR; // default changed
198 minimal\-responses \fIboolean\fR;
199 recursion \fIboolean\fR;
201 [ class \fIstring\fR ] [ type \fIstring\fR ]
202 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
204 provide\-ixfr \fIboolean\fR;
205 request\-ixfr \fIboolean\fR;
206 rfc2308\-type1 \fIboolean\fR; // not yet implemented
207 additional\-from\-auth \fIboolean\fR;
208 additional\-from\-cache \fIboolean\fR;
209 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
210 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
211 cleaning\-interval \fIinteger\fR;
212 min\-roots \fIinteger\fR; // not implemented
213 lame\-ttl \fIinteger\fR;
214 max\-ncache\-ttl \fIinteger\fR;
215 max\-cache\-ttl \fIinteger\fR;
216 transfer\-format ( many\-answers | one\-answer );
217 max\-cache\-size \fIsize_no_default\fR;
218 max\-acache\-size \fIsize_no_default\fR;
219 clients\-per\-query \fInumber\fR;
220 max\-clients\-per\-query \fInumber\fR;
221 check\-names ( master | slave | response )
222 ( fail | warn | ignore );
223 check\-mx ( fail | warn | ignore );
224 check\-integrity \fIboolean\fR;
225 check\-mx\-cname ( fail | warn | ignore );
226 check\-srv\-cname ( fail | warn | ignore );
227 cache\-file \fIquoted_string\fR; // test option
228 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
229 preferred\-glue \fIstring\fR;
230 dual\-stack\-servers [ port \fIinteger\fR ] {
231 ( \fIquoted_string\fR [port \fIinteger\fR] |
232 \fIipv4_address\fR [port \fIinteger\fR] |
233 \fIipv6_address\fR [port \fIinteger\fR] ); ...
235 edns\-udp\-size \fIinteger\fR;
236 max\-udp\-size \fIinteger\fR;
237 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
238 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
239 dnssec\-enable \fIboolean\fR;
240 dnssec\-validation \fIboolean\fR;
241 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
242 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
243 dnssec\-accept\-expired \fIboolean\fR;
244 empty\-server \fIstring\fR;
245 empty\-contact \fIstring\fR;
246 empty\-zones\-enable \fIboolean\fR;
247 disable\-empty\-zone \fIstring\fR;
248 dialup \fIdialuptype\fR;
249 ixfr\-from\-differences \fIixfrdiff\fR;
250 allow\-query { \fIaddress_match_element\fR; ... };
251 allow\-query\-cache { \fIaddress_match_element\fR; ... };
252 allow\-transfer { \fIaddress_match_element\fR; ... };
253 allow\-update { \fIaddress_match_element\fR; ... };
254 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
255 update\-check\-ksk \fIboolean\fR;
256 masterfile\-format ( text | raw );
257 notify \fInotifytype\fR;
258 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
259 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
260 notify\-delay \fIseconds\fR;
261 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
262 [ port \fIinteger\fR ]; ... };
263 allow\-notify { \fIaddress_match_element\fR; ... };
264 forward ( first | only );
265 forwarders [ port \fIinteger\fR ] {
266 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
268 max\-journal\-size \fIsize_no_default\fR;
269 max\-transfer\-time\-in \fIinteger\fR;
270 max\-transfer\-time\-out \fIinteger\fR;
271 max\-transfer\-idle\-in \fIinteger\fR;
272 max\-transfer\-idle\-out \fIinteger\fR;
273 max\-retry\-time \fIinteger\fR;
274 min\-retry\-time \fIinteger\fR;
275 max\-refresh\-time \fIinteger\fR;
276 min\-refresh\-time \fIinteger\fR;
277 multi\-master \fIboolean\fR;
278 sig\-validity\-interval \fIinteger\fR;
279 transfer\-source ( \fIipv4_address\fR | * )
280 [ port ( \fIinteger\fR | * ) ];
281 transfer\-source\-v6 ( \fIipv6_address\fR | * )
282 [ port ( \fIinteger\fR | * ) ];
283 alt\-transfer\-source ( \fIipv4_address\fR | * )
284 [ port ( \fIinteger\fR | * ) ];
285 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
286 [ port ( \fIinteger\fR | * ) ];
287 use\-alt\-transfer\-source \fIboolean\fR;
288 zone\-statistics \fIboolean\fR;
289 key\-directory \fIquoted_string\fR;
290 zero\-no\-soa\-ttl \fIboolean\fR;
291 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
292 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
293 deallocate\-on\-exit \fIboolean\fR; // obsolete
294 fake\-iquery \fIboolean\fR; // obsolete
295 fetch\-glue \fIboolean\fR; // obsolete
296 has\-old\-clients \fIboolean\fR; // obsolete
297 maintain\-ixfr\-base \fIboolean\fR; // obsolete
298 max\-ixfr\-log\-size \fIsize\fR; // obsolete
299 multiple\-cnames \fIboolean\fR; // obsolete
300 named\-xfer \fIquoted_string\fR; // obsolete
301 serial\-queries \fIinteger\fR; // obsolete
302 treat\-cr\-as\-space \fIboolean\fR; // obsolete
303 use\-id\-pool \fIboolean\fR; // obsolete
311 view \fIstring\fR \fIoptional_class\fR {
312 match\-clients { \fIaddress_match_element\fR; ... };
313 match\-destinations { \fIaddress_match_element\fR; ... };
314 match\-recursive\-only \fIboolean\fR;
316 algorithm \fIstring\fR;
319 zone \fIstring\fR \fIoptional_class\fR {
322 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
326 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
328 allow\-recursion { \fIaddress_match_element\fR; ... };
329 sortlist { \fIaddress_match_element\fR; ... };
330 topology { \fIaddress_match_element\fR; ... }; // not implemented
331 auth\-nxdomain \fIboolean\fR; // default changed
332 minimal\-responses \fIboolean\fR;
333 recursion \fIboolean\fR;
335 [ class \fIstring\fR ] [ type \fIstring\fR ]
336 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
338 provide\-ixfr \fIboolean\fR;
339 request\-ixfr \fIboolean\fR;
340 rfc2308\-type1 \fIboolean\fR; // not yet implemented
341 additional\-from\-auth \fIboolean\fR;
342 additional\-from\-cache \fIboolean\fR;
343 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
344 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
345 cleaning\-interval \fIinteger\fR;
346 min\-roots \fIinteger\fR; // not implemented
347 lame\-ttl \fIinteger\fR;
348 max\-ncache\-ttl \fIinteger\fR;
349 max\-cache\-ttl \fIinteger\fR;
350 transfer\-format ( many\-answers | one\-answer );
351 max\-cache\-size \fIsize_no_default\fR;
352 max\-acache\-size \fIsize_no_default\fR;
353 clients\-per\-query \fInumber\fR;
354 max\-clients\-per\-query \fInumber\fR;
355 check\-names ( master | slave | response )
356 ( fail | warn | ignore );
357 check\-mx ( fail | warn | ignore );
358 check\-integrity \fIboolean\fR;
359 check\-mx\-cname ( fail | warn | ignore );
360 check\-srv\-cname ( fail | warn | ignore );
361 cache\-file \fIquoted_string\fR; // test option
362 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
363 preferred\-glue \fIstring\fR;
364 dual\-stack\-servers [ port \fIinteger\fR ] {
365 ( \fIquoted_string\fR [port \fIinteger\fR] |
366 \fIipv4_address\fR [port \fIinteger\fR] |
367 \fIipv6_address\fR [port \fIinteger\fR] ); ...
369 edns\-udp\-size \fIinteger\fR;
370 max\-udp\-size \fIinteger\fR;
371 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
372 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
373 dnssec\-enable \fIboolean\fR;
374 dnssec\-validation \fIboolean\fR;
375 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
376 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
377 dnssec\-accept\-expired \fIboolean\fR;
378 empty\-server \fIstring\fR;
379 empty\-contact \fIstring\fR;
380 empty\-zones\-enable \fIboolean\fR;
381 disable\-empty\-zone \fIstring\fR;
382 dialup \fIdialuptype\fR;
383 ixfr\-from\-differences \fIixfrdiff\fR;
384 allow\-query { \fIaddress_match_element\fR; ... };
385 allow\-query\-cache { \fIaddress_match_element\fR; ... };
386 allow\-transfer { \fIaddress_match_element\fR; ... };
387 allow\-update { \fIaddress_match_element\fR; ... };
388 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
389 update\-check\-ksk \fIboolean\fR;
390 masterfile\-format ( text | raw );
391 notify \fInotifytype\fR;
392 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
393 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
394 notify\-delay \fIseconds\fR;
395 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
396 [ port \fIinteger\fR ]; ... };
397 allow\-notify { \fIaddress_match_element\fR; ... };
398 forward ( first | only );
399 forwarders [ port \fIinteger\fR ] {
400 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
402 max\-journal\-size \fIsize_no_default\fR;
403 max\-transfer\-time\-in \fIinteger\fR;
404 max\-transfer\-time\-out \fIinteger\fR;
405 max\-transfer\-idle\-in \fIinteger\fR;
406 max\-transfer\-idle\-out \fIinteger\fR;
407 max\-retry\-time \fIinteger\fR;
408 min\-retry\-time \fIinteger\fR;
409 max\-refresh\-time \fIinteger\fR;
410 min\-refresh\-time \fIinteger\fR;
411 multi\-master \fIboolean\fR;
412 sig\-validity\-interval \fIinteger\fR;
413 transfer\-source ( \fIipv4_address\fR | * )
414 [ port ( \fIinteger\fR | * ) ];
415 transfer\-source\-v6 ( \fIipv6_address\fR | * )
416 [ port ( \fIinteger\fR | * ) ];
417 alt\-transfer\-source ( \fIipv4_address\fR | * )
418 [ port ( \fIinteger\fR | * ) ];
419 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
420 [ port ( \fIinteger\fR | * ) ];
421 use\-alt\-transfer\-source \fIboolean\fR;
422 zone\-statistics \fIboolean\fR;
423 key\-directory \fIquoted_string\fR;
424 zero\-no\-soa\-ttl \fIboolean\fR;
425 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
426 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
427 fetch\-glue \fIboolean\fR; // obsolete
428 maintain\-ixfr\-base \fIboolean\fR; // obsolete
429 max\-ixfr\-log\-size \fIsize\fR; // obsolete
437 zone \fIstring\fR \fIoptional_class\fR {
438 type ( master | slave | stub | hint |
439 forward | delegation\-only );
440 file \fIquoted_string\fR;
441 masters [ port \fIinteger\fR ] {
443 \fIipv4_address\fR [port \fIinteger\fR] |
444 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
446 database \fIstring\fR;
447 delegation\-only \fIboolean\fR;
448 check\-names ( fail | warn | ignore );
449 check\-mx ( fail | warn | ignore );
450 check\-integrity \fIboolean\fR;
451 check\-mx\-cname ( fail | warn | ignore );
452 check\-srv\-cname ( fail | warn | ignore );
453 dialup \fIdialuptype\fR;
454 ixfr\-from\-differences \fIboolean\fR;
455 journal \fIquoted_string\fR;
456 zero\-no\-soa\-ttl \fIboolean\fR;
457 allow\-query { \fIaddress_match_element\fR; ... };
458 allow\-transfer { \fIaddress_match_element\fR; ... };
459 allow\-update { \fIaddress_match_element\fR; ... };
460 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
462 ( grant | deny ) \fIstring\fR
463 ( name | subdomain | wildcard | self ) \fIstring\fR
464 \fIrrtypelist\fR; ...
466 update\-check\-ksk \fIboolean\fR;
467 masterfile\-format ( text | raw );
468 notify \fInotifytype\fR;
469 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
470 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
471 notify\-delay \fIseconds\fR;
472 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
473 [ port \fIinteger\fR ]; ... };
474 allow\-notify { \fIaddress_match_element\fR; ... };
475 forward ( first | only );
476 forwarders [ port \fIinteger\fR ] {
477 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
479 max\-journal\-size \fIsize_no_default\fR;
480 max\-transfer\-time\-in \fIinteger\fR;
481 max\-transfer\-time\-out \fIinteger\fR;
482 max\-transfer\-idle\-in \fIinteger\fR;
483 max\-transfer\-idle\-out \fIinteger\fR;
484 max\-retry\-time \fIinteger\fR;
485 min\-retry\-time \fIinteger\fR;
486 max\-refresh\-time \fIinteger\fR;
487 min\-refresh\-time \fIinteger\fR;
488 multi\-master \fIboolean\fR;
489 sig\-validity\-interval \fIinteger\fR;
490 transfer\-source ( \fIipv4_address\fR | * )
491 [ port ( \fIinteger\fR | * ) ];
492 transfer\-source\-v6 ( \fIipv6_address\fR | * )
493 [ port ( \fIinteger\fR | * ) ];
494 alt\-transfer\-source ( \fIipv4_address\fR | * )
495 [ port ( \fIinteger\fR | * ) ];
496 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
497 [ port ( \fIinteger\fR | * ) ];
498 use\-alt\-transfer\-source \fIboolean\fR;
499 zone\-statistics \fIboolean\fR;
500 key\-directory \fIquoted_string\fR;
501 ixfr\-base \fIquoted_string\fR; // obsolete
502 ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
503 maintain\-ixfr\-base \fIboolean\fR; // obsolete
504 max\-ixfr\-log\-size \fIsize\fR; // obsolete
505 pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
511 \fI/etc/named.conf\fR
515 \fBnamed\-checkconf\fR(8),
517 BIND 9 Administrator Reference Manual.
519 Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")