1 .\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13 .\" PERFORMANCE OF THIS SOFTWARE.
15 .\" $Id: named.conf.5,v 1.1.4.10 2006/09/13 02:56:20 marka Exp $
19 .\" Title: \fInamed.conf\fR
21 .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
22 .\" Date: Aug 13, 2004
26 .TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
27 .\" disable hyphenation
29 .\" disable justification (adjust text to left margin only)
32 named.conf \- configuration file for named
39 is the configuration file for
40 \fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
44 C++ style: // to end of line
46 Unix style: # to end of line
51 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
58 key \fIdomain_name\fR {
59 algorithm \fIstring\fR;
68 masters \fIstring\fR [ port \fIinteger\fR ] {
69 ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
70 \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
78 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
81 provide\-ixfr \fIboolean\fR;
82 request\-ixfr \fIboolean\fR;
83 keys \fIserver_key\fR;
84 transfers \fIinteger\fR;
85 transfer\-format ( many\-answers | one\-answer );
86 transfer\-source ( \fIipv4_address\fR | * )
87 [ port ( \fIinteger\fR | * ) ];
88 transfer\-source\-v6 ( \fIipv6_address\fR | * )
89 [ port ( \fIinteger\fR | * ) ];
90 support\-ixfr \fIboolean\fR; // obsolete
99 \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
108 inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
109 [ port ( \fIinteger\fR | * ) ]
110 allow { \fIaddress_match_element\fR; ... }
111 [ keys { \fIstring\fR; ... } ];
112 unix \fIunsupported\fR; // not implemented
121 channel \fIstring\fR {
123 syslog \fIoptional_facility\fR;
126 severity \fIlog_severity\fR;
127 print\-time \fIboolean\fR;
128 print\-severity \fIboolean\fR;
129 print\-category \fIboolean\fR;
131 category \fIstring\fR { \fIstring\fR; ... };
140 listen\-on [ port \fIinteger\fR ] {
141 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
143 view \fIstring\fR \fIoptional_class\fR;
144 search { \fIstring\fR; ... };
154 avoid\-v4\-udp\-ports { \fIport\fR; ... };
155 avoid\-v6\-udp\-ports { \fIport\fR; ... };
156 blackhole { \fIaddress_match_element\fR; ... };
159 directory \fIquoted_string\fR;
160 cache\-file \fIquoted_string\fR; // test option
161 dump\-file \fIquoted_string\fR;
163 heartbeat\-interval \fIinteger\fR;
164 host\-statistics \fIboolean\fR; // not implemented
165 host\-statistics\-max \fInumber\fR; // not implemented
166 hostname ( \fIquoted_string\fR | none );
167 interface\-interval \fIinteger\fR;
168 listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
169 listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
170 match\-mapped\-addresses \fIboolean\fR;
171 memstatistics\-file \fIquoted_string\fR;
172 pid\-file ( \fIquoted_string\fR | none );
174 querylog \fIboolean\fR;
175 recursing\-file \fIquoted_string\fR;
176 random\-device \fIquoted_string\fR;
177 recursive\-clients \fIinteger\fR;
178 serial\-query\-rate \fIinteger\fR;
179 server\-id ( \fIquoted_string\fR | none |;
180 stacksize \fIsize\fR;
181 statistics\-file \fIquoted_string\fR;
182 statistics\-interval \fIinteger\fR; // not yet implemented
183 tcp\-clients \fIinteger\fR;
184 tcp\-listen\-queue \fIinteger\fR;
185 tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
186 tkey\-gssapi\-credential \fIquoted_string\fR;
187 tkey\-domain \fIquoted_string\fR;
188 transfers\-per\-ns \fIinteger\fR;
189 transfers\-in \fIinteger\fR;
190 transfers\-out \fIinteger\fR;
191 use\-ixfr \fIboolean\fR;
192 version ( \fIquoted_string\fR | none );
193 allow\-recursion { \fIaddress_match_element\fR; ... };
194 sortlist { \fIaddress_match_element\fR; ... };
195 topology { \fIaddress_match_element\fR; ... }; // not implemented
196 auth\-nxdomain \fIboolean\fR; // default changed
197 minimal\-responses \fIboolean\fR;
198 recursion \fIboolean\fR;
200 [ class \fIstring\fR ] [ type \fIstring\fR ]
201 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
203 provide\-ixfr \fIboolean\fR;
204 request\-ixfr \fIboolean\fR;
205 rfc2308\-type1 \fIboolean\fR; // not yet implemented
206 additional\-from\-auth \fIboolean\fR;
207 additional\-from\-cache \fIboolean\fR;
208 query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
209 query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
210 cleaning\-interval \fIinteger\fR;
211 min\-roots \fIinteger\fR; // not implemented
212 lame\-ttl \fIinteger\fR;
213 max\-ncache\-ttl \fIinteger\fR;
214 max\-cache\-ttl \fIinteger\fR;
215 transfer\-format ( many\-answers | one\-answer );
216 max\-cache\-size \fIsize_no_default\fR;
217 check\-names ( master | slave | response )
218 ( fail | warn | ignore );
219 cache\-file \fIquoted_string\fR;
220 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
221 preferred\-glue \fIstring\fR;
222 dual\-stack\-servers [ port \fIinteger\fR ] {
223 ( \fIquoted_string\fR [port \fIinteger\fR] |
224 \fIipv4_address\fR [port \fIinteger\fR] |
225 \fIipv6_address\fR [port \fIinteger\fR] ); ...
227 edns\-udp\-size \fIinteger\fR;
228 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
229 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
230 dnssec\-enable \fIboolean\fR;
231 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
232 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
233 dialup \fIdialuptype\fR;
234 ixfr\-from\-differences \fIixfrdiff\fR;
235 allow\-query { \fIaddress_match_element\fR; ... };
236 allow\-transfer { \fIaddress_match_element\fR; ... };
237 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
238 notify \fInotifytype\fR;
239 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
240 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
241 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
242 [ port \fIinteger\fR ]; ... };
243 allow\-notify { \fIaddress_match_element\fR; ... };
244 forward ( first | only );
245 forwarders [ port \fIinteger\fR ] {
246 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
248 max\-journal\-size \fIsize_no_default\fR;
249 max\-transfer\-time\-in \fIinteger\fR;
250 max\-transfer\-time\-out \fIinteger\fR;
251 max\-transfer\-idle\-in \fIinteger\fR;
252 max\-transfer\-idle\-out \fIinteger\fR;
253 max\-retry\-time \fIinteger\fR;
254 min\-retry\-time \fIinteger\fR;
255 max\-refresh\-time \fIinteger\fR;
256 min\-refresh\-time \fIinteger\fR;
257 multi\-master \fIboolean\fR;
258 sig\-validity\-interval \fIinteger\fR;
259 transfer\-source ( \fIipv4_address\fR | * )
260 [ port ( \fIinteger\fR | * ) ];
261 transfer\-source\-v6 ( \fIipv6_address\fR | * )
262 [ port ( \fIinteger\fR | * ) ];
263 alt\-transfer\-source ( \fIipv4_address\fR | * )
264 [ port ( \fIinteger\fR | * ) ];
265 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
266 [ port ( \fIinteger\fR | * ) ];
267 use\-alt\-transfer\-source \fIboolean\fR;
268 zone\-statistics \fIboolean\fR;
269 key\-directory \fIquoted_string\fR;
270 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
271 deallocate\-on\-exit \fIboolean\fR; // obsolete
272 fake\-iquery \fIboolean\fR; // obsolete
273 fetch\-glue \fIboolean\fR; // obsolete
274 has\-old\-clients \fIboolean\fR; // obsolete
275 maintain\-ixfr\-base \fIboolean\fR; // obsolete
276 max\-ixfr\-log\-size \fIsize\fR; // obsolete
277 multiple\-cnames \fIboolean\fR; // obsolete
278 named\-xfer \fIquoted_string\fR; // obsolete
279 serial\-queries \fIinteger\fR; // obsolete
280 treat\-cr\-as\-space \fIboolean\fR; // obsolete
281 use\-id\-pool \fIboolean\fR; // obsolete
289 view \fIstring\fR \fIoptional_class\fR {
290 match\-clients { \fIaddress_match_element\fR; ... };
291 match\-destinations { \fIaddress_match_element\fR; ... };
292 match\-recursive\-only \fIboolean\fR;
294 algorithm \fIstring\fR;
297 zone \fIstring\fR \fIoptional_class\fR {
300 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
304 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
306 allow\-recursion { \fIaddress_match_element\fR; ... };
307 sortlist { \fIaddress_match_element\fR; ... };
308 topology { \fIaddress_match_element\fR; ... }; // not implemented
309 auth\-nxdomain \fIboolean\fR; // default changed
310 minimal\-responses \fIboolean\fR;
311 recursion \fIboolean\fR;
313 [ class \fIstring\fR ] [ type \fIstring\fR ]
314 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
316 provide\-ixfr \fIboolean\fR;
317 request\-ixfr \fIboolean\fR;
318 rfc2308\-type1 \fIboolean\fR; // not yet implemented
319 additional\-from\-auth \fIboolean\fR;
320 additional\-from\-cache \fIboolean\fR;
321 query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
322 query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
323 cleaning\-interval \fIinteger\fR;
324 min\-roots \fIinteger\fR; // not implemented
325 lame\-ttl \fIinteger\fR;
326 max\-ncache\-ttl \fIinteger\fR;
327 max\-cache\-ttl \fIinteger\fR;
328 transfer\-format ( many\-answers | one\-answer );
329 max\-cache\-size \fIsize_no_default\fR;
330 check\-names ( master | slave | response )
331 ( fail | warn | ignore );
332 cache\-file \fIquoted_string\fR;
333 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
334 preferred\-glue \fIstring\fR;
335 dual\-stack\-servers [ port \fIinteger\fR ] {
336 ( \fIquoted_string\fR [port \fIinteger\fR] |
337 \fIipv4_address\fR [port \fIinteger\fR] |
338 \fIipv6_address\fR [port \fIinteger\fR] ); ...
340 edns\-udp\-size \fIinteger\fR;
341 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
342 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
343 dnssec\-enable \fIboolean\fR;
344 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
345 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
346 dialup \fIdialuptype\fR;
347 ixfr\-from\-differences \fIixfrdiff\fR;
348 allow\-query { \fIaddress_match_element\fR; ... };
349 allow\-transfer { \fIaddress_match_element\fR; ... };
350 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
351 notify \fInotifytype\fR;
352 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
353 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
354 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
355 [ port \fIinteger\fR ]; ... };
356 allow\-notify { \fIaddress_match_element\fR; ... };
357 forward ( first | only );
358 forwarders [ port \fIinteger\fR ] {
359 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
361 max\-journal\-size \fIsize_no_default\fR;
362 max\-transfer\-time\-in \fIinteger\fR;
363 max\-transfer\-time\-out \fIinteger\fR;
364 max\-transfer\-idle\-in \fIinteger\fR;
365 max\-transfer\-idle\-out \fIinteger\fR;
366 max\-retry\-time \fIinteger\fR;
367 min\-retry\-time \fIinteger\fR;
368 max\-refresh\-time \fIinteger\fR;
369 min\-refresh\-time \fIinteger\fR;
370 multi\-master \fIboolean\fR;
371 sig\-validity\-interval \fIinteger\fR;
372 transfer\-source ( \fIipv4_address\fR | * )
373 [ port ( \fIinteger\fR | * ) ];
374 transfer\-source\-v6 ( \fIipv6_address\fR | * )
375 [ port ( \fIinteger\fR | * ) ];
376 alt\-transfer\-source ( \fIipv4_address\fR | * )
377 [ port ( \fIinteger\fR | * ) ];
378 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
379 [ port ( \fIinteger\fR | * ) ];
380 use\-alt\-transfer\-source \fIboolean\fR;
381 zone\-statistics \fIboolean\fR;
382 key\-directory \fIquoted_string\fR;
383 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
384 fetch\-glue \fIboolean\fR; // obsolete
385 maintain\-ixfr\-base \fIboolean\fR; // obsolete
386 max\-ixfr\-log\-size \fIsize\fR; // obsolete
394 zone \fIstring\fR \fIoptional_class\fR {
395 type ( master | slave | stub | hint |
396 forward | delegation\-only );
397 file \fIquoted_string\fR;
398 masters [ port \fIinteger\fR ] {
400 \fIipv4_address\fR [port \fIinteger\fR] |
401 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
403 database \fIstring\fR;
404 delegation\-only \fIboolean\fR;
405 check\-names ( fail | warn | ignore );
406 dialup \fIdialuptype\fR;
407 ixfr\-from\-differences \fIboolean\fR;
408 allow\-query { \fIaddress_match_element\fR; ... };
409 allow\-transfer { \fIaddress_match_element\fR; ... };
410 allow\-update { \fIaddress_match_element\fR; ... };
411 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
413 ( grant | deny ) \fIstring\fR
414 ( name | subdomain | wildcard | self ) \fIstring\fR
415 \fIrrtypelist\fR; ...
417 notify \fInotifytype\fR;
418 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
419 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
420 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
421 [ port \fIinteger\fR ]; ... };
422 allow\-notify { \fIaddress_match_element\fR; ... };
423 forward ( first | only );
424 forwarders [ port \fIinteger\fR ] {
425 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
427 max\-journal\-size \fIsize_no_default\fR;
428 max\-transfer\-time\-in \fIinteger\fR;
429 max\-transfer\-time\-out \fIinteger\fR;
430 max\-transfer\-idle\-in \fIinteger\fR;
431 max\-transfer\-idle\-out \fIinteger\fR;
432 max\-retry\-time \fIinteger\fR;
433 min\-retry\-time \fIinteger\fR;
434 max\-refresh\-time \fIinteger\fR;
435 min\-refresh\-time \fIinteger\fR;
436 multi\-master \fIboolean\fR;
437 sig\-validity\-interval \fIinteger\fR;
438 transfer\-source ( \fIipv4_address\fR | * )
439 [ port ( \fIinteger\fR | * ) ];
440 transfer\-source\-v6 ( \fIipv6_address\fR | * )
441 [ port ( \fIinteger\fR | * ) ];
442 alt\-transfer\-source ( \fIipv4_address\fR | * )
443 [ port ( \fIinteger\fR | * ) ];
444 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
445 [ port ( \fIinteger\fR | * ) ];
446 use\-alt\-transfer\-source \fIboolean\fR;
447 zone\-statistics \fIboolean\fR;
448 key\-directory \fIquoted_string\fR;
449 ixfr\-base \fIquoted_string\fR; // obsolete
450 ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
451 maintain\-ixfr\-base \fIboolean\fR; // obsolete
452 max\-ixfr\-log\-size \fIsize\fR; // obsolete
453 pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
459 \fI/etc/named.conf\fR
464 \fBBIND 9 Administrator Reference Manual\fR().
466 Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")