1 .\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13 .\" PERFORMANCE OF THIS SOFTWARE.
15 .\" $Id: named.conf.5,v 1.1.4.2 2004/08/21 07:35:01 marka Exp $
17 .TH "NAMED.CONF" "5" "Aug 13, 2004" "BIND9" ""
19 named.conf \- configuration file for named
25 \fInamed.conf\fR is the configuration file for
26 \fBnamed\fR. Statements are enclosed
27 in braces and terminated with a semi-colon. Clauses in
28 the statements are also semi-colon terminated. The usual
29 comment styles are supported:
33 C++ style: // to end of line
35 Unix style: # to end of line
39 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
45 key \fIdomain_name\fR {
46 algorithm \fIstring\fR;
54 masters \fIstring\fR [ port \fIinteger\fR ] {
55 ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
56 \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
63 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
66 provide-ixfr \fIboolean\fR;
67 request-ixfr \fIboolean\fR;
68 keys \fIserver_key\fR;
69 transfers \fIinteger\fR;
70 transfer-format ( many-answers | one-answer );
71 transfer-source ( \fIipv4_address\fR | * )
72 [ port ( \fIinteger\fR | * ) ];
73 transfer-source-v6 ( \fIipv6_address\fR | * )
74 [ port ( \fIinteger\fR | * ) ];
76 support-ixfr \fIboolean\fR; // obsolete
84 \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
92 inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
93 [ port ( \fIinteger\fR | * ) ]
94 allow { \fIaddress_match_element\fR; ... }
95 [ keys { \fIstring\fR; ... } ];
96 unix \fIunsupported\fR; // not implemented
104 channel \fIstring\fR {
106 syslog \fIoptional_facility\fR;
109 severity \fIlog_severity\fR;
110 print-time \fIboolean\fR;
111 print-severity \fIboolean\fR;
112 print-category \fIboolean\fR;
114 category \fIstring\fR { \fIstring\fR; ... };
122 listen-on [ port \fIinteger\fR ] {
123 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
125 view \fIstring\fR \fIoptional_class\fR;
126 search { \fIstring\fR; ... };
135 avoid-v4-udp-ports { \fIport\fR; ... };
136 avoid-v6-udp-ports { \fIport\fR; ... };
137 blackhole { \fIaddress_match_element\fR; ... };
140 directory \fIquoted_string\fR;
141 dump-file \fIquoted_string\fR;
143 heartbeat-interval \fIinteger\fR;
144 host-statistics \fIboolean\fR; // not implemented
145 hostname ( \fIquoted_string\fR | none );
146 interface-interval \fIinteger\fR;
147 listen-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
148 listen-on-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
149 match-mapped-addresses \fIboolean\fR;
150 memstatistics-file \fIquoted_string\fR;
151 pid-file ( \fIquoted_string\fR | none );
153 querylog \fIboolean\fR;
154 recursing-file \fIquoted_string\fR;
155 random-device \fIquoted_string\fR;
156 recursive-clients \fIinteger\fR;
157 serial-query-rate \fIinteger\fR;
158 server-id ( \fIquoted_string\fR | none |;
159 stacksize \fIsize\fR;
160 statistics-file \fIquoted_string\fR;
161 statistics-interval \fIinteger\fR; // not yet implemented
162 tcp-clients \fIinteger\fR;
163 tcp-listen-queue \fIinteger\fR;
164 tkey-dhkey \fIquoted_string\fR \fIinteger\fR;
165 tkey-gssapi-credential \fIquoted_string\fR;
166 tkey-domain \fIquoted_string\fR;
167 transfers-per-ns \fIinteger\fR;
168 transfers-in \fIinteger\fR;
169 transfers-out \fIinteger\fR;
170 use-ixfr \fIboolean\fR;
171 version ( \fIquoted_string\fR | none );
172 allow-recursion { \fIaddress_match_element\fR; ... };
173 sortlist { \fIaddress_match_element\fR; ... };
174 topology { \fIaddress_match_element\fR; ... }; // not implemented
175 auth-nxdomain \fIboolean\fR; // default changed
176 minimal-responses \fIboolean\fR;
177 recursion \fIboolean\fR;
179 [ class \fIstring\fR ] [ type \fIstring\fR ]
180 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
182 provide-ixfr \fIboolean\fR;
183 request-ixfr \fIboolean\fR;
184 rfc2308-type1 \fIboolean\fR; // not yet implemented
185 additional-from-auth \fIboolean\fR;
186 additional-from-cache \fIboolean\fR;
187 query-source \fIquerysource4\fR;
188 query-source-v6 \fIquerysource6\fR;
189 cleaning-interval \fIinteger\fR;
190 min-roots \fIinteger\fR; // not implemented
191 lame-ttl \fIinteger\fR;
192 max-ncache-ttl \fIinteger\fR;
193 max-cache-ttl \fIinteger\fR;
194 transfer-format ( many-answers | one-answer );
195 max-cache-size \fIsize_no_default\fR;
196 check-names ( master | slave | response )
197 ( fail | warn | ignore );
198 cache-file \fIquoted_string\fR;
199 suppress-initial-notify \fIboolean\fR; // not yet implemented
200 preferred-glue \fIstring\fR;
201 dual-stack-servers [ port \fIinteger\fR ] {
202 ( \fIquoted_string\fR [port \fIinteger\fR] |
203 \fIipv4_address\fR [port \fIinteger\fR] |
204 \fIipv6_address\fR [port \fIinteger\fR] ); ...
206 edns-udp-size \fIinteger\fR;
207 root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
208 disable-algorithms \fIstring\fR { \fIstring\fR; ... };
209 dnssec-enable \fIboolean\fR;
210 dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
211 dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
213 dialup \fIdialuptype\fR;
214 ixfr-from-differences \fIixfrdiff\fR;
216 allow-query { \fIaddress_match_element\fR; ... };
217 allow-transfer { \fIaddress_match_element\fR; ... };
218 allow-update-forwarding { \fIaddress_match_element\fR; ... };
220 notify \fInotifytype\fR;
221 notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
222 notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
223 also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
224 [ port \fIinteger\fR ]; ... };
225 allow-notify { \fIaddress_match_element\fR; ... };
227 forward ( first | only );
228 forwarders [ port \fIinteger\fR ] {
229 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
232 max-journal-size \fIsize_no_default\fR;
233 max-transfer-time-in \fIinteger\fR;
234 max-transfer-time-out \fIinteger\fR;
235 max-transfer-idle-in \fIinteger\fR;
236 max-transfer-idle-out \fIinteger\fR;
237 max-retry-time \fIinteger\fR;
238 min-retry-time \fIinteger\fR;
239 max-refresh-time \fIinteger\fR;
240 min-refresh-time \fIinteger\fR;
241 multi-master \fIboolean\fR;
242 sig-validity-interval \fIinteger\fR;
244 transfer-source ( \fIipv4_address\fR | * )
245 [ port ( \fIinteger\fR | * ) ];
246 transfer-source-v6 ( \fIipv6_address\fR | * )
247 [ port ( \fIinteger\fR | * ) ];
249 alt-transfer-source ( \fIipv4_address\fR | * )
250 [ port ( \fIinteger\fR | * ) ];
251 alt-transfer-source-v6 ( \fIipv6_address\fR | * )
252 [ port ( \fIinteger\fR | * ) ];
253 use-alt-transfer-source \fIboolean\fR;
255 zone-statistics \fIboolean\fR;
256 key-directory \fIquoted_string\fR;
258 allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
259 deallocate-on-exit \fIboolean\fR; // obsolete
260 fake-iquery \fIboolean\fR; // obsolete
261 fetch-glue \fIboolean\fR; // obsolete
262 has-old-clients \fIboolean\fR; // obsolete
263 maintain-ixfr-base \fIboolean\fR; // obsolete
264 max-ixfr-log-size \fIsize\fR; // obsolete
265 multiple-cnames \fIboolean\fR; // obsolete
266 named-xfer \fIquoted_string\fR; // obsolete
267 serial-queries \fIinteger\fR; // obsolete
268 treat-cr-as-space \fIboolean\fR; // obsolete
269 use-id-pool \fIboolean\fR; // obsolete
276 view \fIstring\fR \fIoptional_class\fR {
277 match-clients { \fIaddress_match_element\fR; ... };
278 match-destinations { \fIaddress_match_element\fR; ... };
279 match-recursive-only \fIboolean\fR;
282 algorithm \fIstring\fR;
286 zone \fIstring\fR \fIoptional_class\fR {
290 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
295 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
298 allow-recursion { \fIaddress_match_element\fR; ... };
299 sortlist { \fIaddress_match_element\fR; ... };
300 topology { \fIaddress_match_element\fR; ... }; // not implemented
301 auth-nxdomain \fIboolean\fR; // default changed
302 minimal-responses \fIboolean\fR;
303 recursion \fIboolean\fR;
305 [ class \fIstring\fR ] [ type \fIstring\fR ]
306 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
308 provide-ixfr \fIboolean\fR;
309 request-ixfr \fIboolean\fR;
310 rfc2308-type1 \fIboolean\fR; // not yet implemented
311 additional-from-auth \fIboolean\fR;
312 additional-from-cache \fIboolean\fR;
313 query-source \fIquerysource4\fR;
314 query-source-v6 \fIquerysource6\fR;
315 cleaning-interval \fIinteger\fR;
316 min-roots \fIinteger\fR; // not implemented
317 lame-ttl \fIinteger\fR;
318 max-ncache-ttl \fIinteger\fR;
319 max-cache-ttl \fIinteger\fR;
320 transfer-format ( many-answers | one-answer );
321 max-cache-size \fIsize_no_default\fR;
322 check-names ( master | slave | response )
323 ( fail | warn | ignore );
324 cache-file \fIquoted_string\fR;
325 suppress-initial-notify \fIboolean\fR; // not yet implemented
326 preferred-glue \fIstring\fR;
327 dual-stack-servers [ port \fIinteger\fR ] {
328 ( \fIquoted_string\fR [port \fIinteger\fR] |
329 \fIipv4_address\fR [port \fIinteger\fR] |
330 \fIipv6_address\fR [port \fIinteger\fR] ); ...
332 edns-udp-size \fIinteger\fR;
333 root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
334 disable-algorithms \fIstring\fR { \fIstring\fR; ... };
335 dnssec-enable \fIboolean\fR;
336 dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
338 dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
339 dialup \fIdialuptype\fR;
340 ixfr-from-differences \fIixfrdiff\fR;
342 allow-query { \fIaddress_match_element\fR; ... };
343 allow-transfer { \fIaddress_match_element\fR; ... };
344 allow-update-forwarding { \fIaddress_match_element\fR; ... };
346 notify \fInotifytype\fR;
347 notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
348 notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
349 also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
350 [ port \fIinteger\fR ]; ... };
351 allow-notify { \fIaddress_match_element\fR; ... };
353 forward ( first | only );
354 forwarders [ port \fIinteger\fR ] {
355 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
358 max-journal-size \fIsize_no_default\fR;
359 max-transfer-time-in \fIinteger\fR;
360 max-transfer-time-out \fIinteger\fR;
361 max-transfer-idle-in \fIinteger\fR;
362 max-transfer-idle-out \fIinteger\fR;
363 max-retry-time \fIinteger\fR;
364 min-retry-time \fIinteger\fR;
365 max-refresh-time \fIinteger\fR;
366 min-refresh-time \fIinteger\fR;
367 multi-master \fIboolean\fR;
368 sig-validity-interval \fIinteger\fR;
370 transfer-source ( \fIipv4_address\fR | * )
371 [ port ( \fIinteger\fR | * ) ];
372 transfer-source-v6 ( \fIipv6_address\fR | * )
373 [ port ( \fIinteger\fR | * ) ];
375 alt-transfer-source ( \fIipv4_address\fR | * )
376 [ port ( \fIinteger\fR | * ) ];
377 alt-transfer-source-v6 ( \fIipv6_address\fR | * )
378 [ port ( \fIinteger\fR | * ) ];
379 use-alt-transfer-source \fIboolean\fR;
381 zone-statistics \fIboolean\fR;
382 key-directory \fIquoted_string\fR;
384 allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
385 fetch-glue \fIboolean\fR; // obsolete
386 maintain-ixfr-base \fIboolean\fR; // obsolete
387 max-ixfr-log-size \fIsize\fR; // obsolete
394 zone \fIstring\fR \fIoptional_class\fR {
395 type ( master | slave | stub | hint |
396 forward | delegation-only );
397 file \fIquoted_string\fR;
399 masters [ port \fIinteger\fR ] {
401 \fIipv4_address\fR [port \fIinteger\fR] |
402 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
405 database \fIstring\fR;
406 delegation-only \fIboolean\fR;
407 check-names ( fail | warn | ignore );
408 dialup \fIdialuptype\fR;
409 ixfr-from-differences \fIboolean\fR;
411 allow-query { \fIaddress_match_element\fR; ... };
412 allow-transfer { \fIaddress_match_element\fR; ... };
413 allow-update { \fIaddress_match_element\fR; ... };
414 allow-update-forwarding { \fIaddress_match_element\fR; ... };
416 ( grant | deny ) \fIstring\fR
417 ( name | subdomain | wildcard | self ) \fIstring\fR
418 \fIrrtypelist\fR; ...
421 notify \fInotifytype\fR;
422 notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
423 notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
424 also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
425 [ port \fIinteger\fR ]; ... };
426 allow-notify { \fIaddress_match_element\fR; ... };
428 forward ( first | only );
429 forwarders [ port \fIinteger\fR ] {
430 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
433 max-journal-size \fIsize_no_default\fR;
434 max-transfer-time-in \fIinteger\fR;
435 max-transfer-time-out \fIinteger\fR;
436 max-transfer-idle-in \fIinteger\fR;
437 max-transfer-idle-out \fIinteger\fR;
438 max-retry-time \fIinteger\fR;
439 min-retry-time \fIinteger\fR;
440 max-refresh-time \fIinteger\fR;
441 min-refresh-time \fIinteger\fR;
442 multi-master \fIboolean\fR;
443 sig-validity-interval \fIinteger\fR;
445 transfer-source ( \fIipv4_address\fR | * )
446 [ port ( \fIinteger\fR | * ) ];
447 transfer-source-v6 ( \fIipv6_address\fR | * )
448 [ port ( \fIinteger\fR | * ) ];
450 alt-transfer-source ( \fIipv4_address\fR | * )
451 [ port ( \fIinteger\fR | * ) ];
452 alt-transfer-source-v6 ( \fIipv6_address\fR | * )
453 [ port ( \fIinteger\fR | * ) ];
454 use-alt-transfer-source \fIboolean\fR;
456 zone-statistics \fIboolean\fR;
457 key-directory \fIquoted_string\fR;
459 ixfr-base \fIquoted_string\fR; // obsolete
460 ixfr-tmp-file \fIquoted_string\fR; // obsolete
461 maintain-ixfr-base \fIboolean\fR; // obsolete
462 max-ixfr-log-size \fIsize\fR; // obsolete
463 pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
469 \fI/etc/named.conf\fR
474 \fBBIND 9 Adminstrators Reference Manual\fR.