1 .\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13 .\" PERFORMANCE OF THIS SOFTWARE.
15 .\" $Id: named.conf.5,v 1.1.4.3 2004/10/18 02:33:06 marka Exp $
17 .TH "NAMED.CONF" "5" "Aug 13, 2004" "BIND9" ""
19 named.conf \- configuration file for named
25 \fInamed.conf\fR is the configuration file for
26 \fBnamed\fR. Statements are enclosed
27 in braces and terminated with a semi-colon. Clauses in
28 the statements are also semi-colon terminated. The usual
29 comment styles are supported:
33 C++ style: // to end of line
35 Unix style: # to end of line
39 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
45 key \fIdomain_name\fR {
46 algorithm \fIstring\fR;
54 masters \fIstring\fR [ port \fIinteger\fR ] {
55 ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
56 \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
63 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
66 provide-ixfr \fIboolean\fR;
67 request-ixfr \fIboolean\fR;
68 keys \fIserver_key\fR;
69 transfers \fIinteger\fR;
70 transfer-format ( many-answers | one-answer );
71 transfer-source ( \fIipv4_address\fR | * )
72 [ port ( \fIinteger\fR | * ) ];
73 transfer-source-v6 ( \fIipv6_address\fR | * )
74 [ port ( \fIinteger\fR | * ) ];
76 support-ixfr \fIboolean\fR; // obsolete
84 \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
92 inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
93 [ port ( \fIinteger\fR | * ) ]
94 allow { \fIaddress_match_element\fR; ... }
95 [ keys { \fIstring\fR; ... } ];
96 unix \fIunsupported\fR; // not implemented
104 channel \fIstring\fR {
106 syslog \fIoptional_facility\fR;
109 severity \fIlog_severity\fR;
110 print-time \fIboolean\fR;
111 print-severity \fIboolean\fR;
112 print-category \fIboolean\fR;
114 category \fIstring\fR { \fIstring\fR; ... };
122 listen-on [ port \fIinteger\fR ] {
123 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
125 view \fIstring\fR \fIoptional_class\fR;
126 search { \fIstring\fR; ... };
135 avoid-v4-udp-ports { \fIport\fR; ... };
136 avoid-v6-udp-ports { \fIport\fR; ... };
137 blackhole { \fIaddress_match_element\fR; ... };
140 directory \fIquoted_string\fR;
141 dump-file \fIquoted_string\fR;
143 heartbeat-interval \fIinteger\fR;
144 host-statistics \fIboolean\fR; // not implemented
145 host-statistics-max \fInumber\fR; // not implemented
146 hostname ( \fIquoted_string\fR | none );
147 interface-interval \fIinteger\fR;
148 listen-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
149 listen-on-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
150 match-mapped-addresses \fIboolean\fR;
151 memstatistics-file \fIquoted_string\fR;
152 pid-file ( \fIquoted_string\fR | none );
154 querylog \fIboolean\fR;
155 recursing-file \fIquoted_string\fR;
156 random-device \fIquoted_string\fR;
157 recursive-clients \fIinteger\fR;
158 serial-query-rate \fIinteger\fR;
159 server-id ( \fIquoted_string\fR | none |;
160 stacksize \fIsize\fR;
161 statistics-file \fIquoted_string\fR;
162 statistics-interval \fIinteger\fR; // not yet implemented
163 tcp-clients \fIinteger\fR;
164 tcp-listen-queue \fIinteger\fR;
165 tkey-dhkey \fIquoted_string\fR \fIinteger\fR;
166 tkey-gssapi-credential \fIquoted_string\fR;
167 tkey-domain \fIquoted_string\fR;
168 transfers-per-ns \fIinteger\fR;
169 transfers-in \fIinteger\fR;
170 transfers-out \fIinteger\fR;
171 use-ixfr \fIboolean\fR;
172 version ( \fIquoted_string\fR | none );
173 allow-recursion { \fIaddress_match_element\fR; ... };
174 sortlist { \fIaddress_match_element\fR; ... };
175 topology { \fIaddress_match_element\fR; ... }; // not implemented
176 auth-nxdomain \fIboolean\fR; // default changed
177 minimal-responses \fIboolean\fR;
178 recursion \fIboolean\fR;
180 [ class \fIstring\fR ] [ type \fIstring\fR ]
181 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
183 provide-ixfr \fIboolean\fR;
184 request-ixfr \fIboolean\fR;
185 rfc2308-type1 \fIboolean\fR; // not yet implemented
186 additional-from-auth \fIboolean\fR;
187 additional-from-cache \fIboolean\fR;
188 query-source \fIquerysource4\fR;
189 query-source-v6 \fIquerysource6\fR;
190 cleaning-interval \fIinteger\fR;
191 min-roots \fIinteger\fR; // not implemented
192 lame-ttl \fIinteger\fR;
193 max-ncache-ttl \fIinteger\fR;
194 max-cache-ttl \fIinteger\fR;
195 transfer-format ( many-answers | one-answer );
196 max-cache-size \fIsize_no_default\fR;
197 check-names ( master | slave | response )
198 ( fail | warn | ignore );
199 cache-file \fIquoted_string\fR;
200 suppress-initial-notify \fIboolean\fR; // not yet implemented
201 preferred-glue \fIstring\fR;
202 dual-stack-servers [ port \fIinteger\fR ] {
203 ( \fIquoted_string\fR [port \fIinteger\fR] |
204 \fIipv4_address\fR [port \fIinteger\fR] |
205 \fIipv6_address\fR [port \fIinteger\fR] ); ...
207 edns-udp-size \fIinteger\fR;
208 root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
209 disable-algorithms \fIstring\fR { \fIstring\fR; ... };
210 dnssec-enable \fIboolean\fR;
211 dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
212 dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
214 dialup \fIdialuptype\fR;
215 ixfr-from-differences \fIixfrdiff\fR;
217 allow-query { \fIaddress_match_element\fR; ... };
218 allow-transfer { \fIaddress_match_element\fR; ... };
219 allow-update-forwarding { \fIaddress_match_element\fR; ... };
221 notify \fInotifytype\fR;
222 notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
223 notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
224 also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
225 [ port \fIinteger\fR ]; ... };
226 allow-notify { \fIaddress_match_element\fR; ... };
228 forward ( first | only );
229 forwarders [ port \fIinteger\fR ] {
230 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
233 max-journal-size \fIsize_no_default\fR;
234 max-transfer-time-in \fIinteger\fR;
235 max-transfer-time-out \fIinteger\fR;
236 max-transfer-idle-in \fIinteger\fR;
237 max-transfer-idle-out \fIinteger\fR;
238 max-retry-time \fIinteger\fR;
239 min-retry-time \fIinteger\fR;
240 max-refresh-time \fIinteger\fR;
241 min-refresh-time \fIinteger\fR;
242 multi-master \fIboolean\fR;
243 sig-validity-interval \fIinteger\fR;
245 transfer-source ( \fIipv4_address\fR | * )
246 [ port ( \fIinteger\fR | * ) ];
247 transfer-source-v6 ( \fIipv6_address\fR | * )
248 [ port ( \fIinteger\fR | * ) ];
250 alt-transfer-source ( \fIipv4_address\fR | * )
251 [ port ( \fIinteger\fR | * ) ];
252 alt-transfer-source-v6 ( \fIipv6_address\fR | * )
253 [ port ( \fIinteger\fR | * ) ];
254 use-alt-transfer-source \fIboolean\fR;
256 zone-statistics \fIboolean\fR;
257 key-directory \fIquoted_string\fR;
259 allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
260 deallocate-on-exit \fIboolean\fR; // obsolete
261 fake-iquery \fIboolean\fR; // obsolete
262 fetch-glue \fIboolean\fR; // obsolete
263 has-old-clients \fIboolean\fR; // obsolete
264 maintain-ixfr-base \fIboolean\fR; // obsolete
265 max-ixfr-log-size \fIsize\fR; // obsolete
266 multiple-cnames \fIboolean\fR; // obsolete
267 named-xfer \fIquoted_string\fR; // obsolete
268 serial-queries \fIinteger\fR; // obsolete
269 treat-cr-as-space \fIboolean\fR; // obsolete
270 use-id-pool \fIboolean\fR; // obsolete
277 view \fIstring\fR \fIoptional_class\fR {
278 match-clients { \fIaddress_match_element\fR; ... };
279 match-destinations { \fIaddress_match_element\fR; ... };
280 match-recursive-only \fIboolean\fR;
283 algorithm \fIstring\fR;
287 zone \fIstring\fR \fIoptional_class\fR {
291 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
296 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
299 allow-recursion { \fIaddress_match_element\fR; ... };
300 sortlist { \fIaddress_match_element\fR; ... };
301 topology { \fIaddress_match_element\fR; ... }; // not implemented
302 auth-nxdomain \fIboolean\fR; // default changed
303 minimal-responses \fIboolean\fR;
304 recursion \fIboolean\fR;
306 [ class \fIstring\fR ] [ type \fIstring\fR ]
307 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
309 provide-ixfr \fIboolean\fR;
310 request-ixfr \fIboolean\fR;
311 rfc2308-type1 \fIboolean\fR; // not yet implemented
312 additional-from-auth \fIboolean\fR;
313 additional-from-cache \fIboolean\fR;
314 query-source \fIquerysource4\fR;
315 query-source-v6 \fIquerysource6\fR;
316 cleaning-interval \fIinteger\fR;
317 min-roots \fIinteger\fR; // not implemented
318 lame-ttl \fIinteger\fR;
319 max-ncache-ttl \fIinteger\fR;
320 max-cache-ttl \fIinteger\fR;
321 transfer-format ( many-answers | one-answer );
322 max-cache-size \fIsize_no_default\fR;
323 check-names ( master | slave | response )
324 ( fail | warn | ignore );
325 cache-file \fIquoted_string\fR;
326 suppress-initial-notify \fIboolean\fR; // not yet implemented
327 preferred-glue \fIstring\fR;
328 dual-stack-servers [ port \fIinteger\fR ] {
329 ( \fIquoted_string\fR [port \fIinteger\fR] |
330 \fIipv4_address\fR [port \fIinteger\fR] |
331 \fIipv6_address\fR [port \fIinteger\fR] ); ...
333 edns-udp-size \fIinteger\fR;
334 root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
335 disable-algorithms \fIstring\fR { \fIstring\fR; ... };
336 dnssec-enable \fIboolean\fR;
337 dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
339 dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
340 dialup \fIdialuptype\fR;
341 ixfr-from-differences \fIixfrdiff\fR;
343 allow-query { \fIaddress_match_element\fR; ... };
344 allow-transfer { \fIaddress_match_element\fR; ... };
345 allow-update-forwarding { \fIaddress_match_element\fR; ... };
347 notify \fInotifytype\fR;
348 notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
349 notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
350 also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
351 [ port \fIinteger\fR ]; ... };
352 allow-notify { \fIaddress_match_element\fR; ... };
354 forward ( first | only );
355 forwarders [ port \fIinteger\fR ] {
356 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
359 max-journal-size \fIsize_no_default\fR;
360 max-transfer-time-in \fIinteger\fR;
361 max-transfer-time-out \fIinteger\fR;
362 max-transfer-idle-in \fIinteger\fR;
363 max-transfer-idle-out \fIinteger\fR;
364 max-retry-time \fIinteger\fR;
365 min-retry-time \fIinteger\fR;
366 max-refresh-time \fIinteger\fR;
367 min-refresh-time \fIinteger\fR;
368 multi-master \fIboolean\fR;
369 sig-validity-interval \fIinteger\fR;
371 transfer-source ( \fIipv4_address\fR | * )
372 [ port ( \fIinteger\fR | * ) ];
373 transfer-source-v6 ( \fIipv6_address\fR | * )
374 [ port ( \fIinteger\fR | * ) ];
376 alt-transfer-source ( \fIipv4_address\fR | * )
377 [ port ( \fIinteger\fR | * ) ];
378 alt-transfer-source-v6 ( \fIipv6_address\fR | * )
379 [ port ( \fIinteger\fR | * ) ];
380 use-alt-transfer-source \fIboolean\fR;
382 zone-statistics \fIboolean\fR;
383 key-directory \fIquoted_string\fR;
385 allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
386 fetch-glue \fIboolean\fR; // obsolete
387 maintain-ixfr-base \fIboolean\fR; // obsolete
388 max-ixfr-log-size \fIsize\fR; // obsolete
395 zone \fIstring\fR \fIoptional_class\fR {
396 type ( master | slave | stub | hint |
397 forward | delegation-only );
398 file \fIquoted_string\fR;
400 masters [ port \fIinteger\fR ] {
402 \fIipv4_address\fR [port \fIinteger\fR] |
403 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
406 database \fIstring\fR;
407 delegation-only \fIboolean\fR;
408 check-names ( fail | warn | ignore );
409 dialup \fIdialuptype\fR;
410 ixfr-from-differences \fIboolean\fR;
412 allow-query { \fIaddress_match_element\fR; ... };
413 allow-transfer { \fIaddress_match_element\fR; ... };
414 allow-update { \fIaddress_match_element\fR; ... };
415 allow-update-forwarding { \fIaddress_match_element\fR; ... };
417 ( grant | deny ) \fIstring\fR
418 ( name | subdomain | wildcard | self ) \fIstring\fR
419 \fIrrtypelist\fR; ...
422 notify \fInotifytype\fR;
423 notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
424 notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
425 also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
426 [ port \fIinteger\fR ]; ... };
427 allow-notify { \fIaddress_match_element\fR; ... };
429 forward ( first | only );
430 forwarders [ port \fIinteger\fR ] {
431 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
434 max-journal-size \fIsize_no_default\fR;
435 max-transfer-time-in \fIinteger\fR;
436 max-transfer-time-out \fIinteger\fR;
437 max-transfer-idle-in \fIinteger\fR;
438 max-transfer-idle-out \fIinteger\fR;
439 max-retry-time \fIinteger\fR;
440 min-retry-time \fIinteger\fR;
441 max-refresh-time \fIinteger\fR;
442 min-refresh-time \fIinteger\fR;
443 multi-master \fIboolean\fR;
444 sig-validity-interval \fIinteger\fR;
446 transfer-source ( \fIipv4_address\fR | * )
447 [ port ( \fIinteger\fR | * ) ];
448 transfer-source-v6 ( \fIipv6_address\fR | * )
449 [ port ( \fIinteger\fR | * ) ];
451 alt-transfer-source ( \fIipv4_address\fR | * )
452 [ port ( \fIinteger\fR | * ) ];
453 alt-transfer-source-v6 ( \fIipv6_address\fR | * )
454 [ port ( \fIinteger\fR | * ) ];
455 use-alt-transfer-source \fIboolean\fR;
457 zone-statistics \fIboolean\fR;
458 key-directory \fIquoted_string\fR;
460 ixfr-base \fIquoted_string\fR; // obsolete
461 ixfr-tmp-file \fIquoted_string\fR; // obsolete
462 maintain-ixfr-base \fIboolean\fR; // obsolete
463 max-ixfr-log-size \fIsize\fR; // obsolete
464 pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
470 \fI/etc/named.conf\fR
475 \fBBIND 9 Adminstrators Reference Manual\fR.