contrib/bind9/bin/named/named.conf.5

   1 .\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
   2 .\"
   3 .\" Permission to use, copy, modify, and distribute this software for any
   4 .\" purpose with or without fee is hereby granted, provided that the above
   5 .\" copyright notice and this permission notice appear in all copies.
   6 .\"
   7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
   8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
   9 .\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  13 .\" PERFORMANCE OF THIS SOFTWARE.
  14 .\"
  15 .\" $Id: named.conf.5,v 1.1.4.3 2004/10/18 02:33:06 marka Exp $
  16 .\"
  17 .TH "NAMED.CONF" "5" "Aug 13, 2004" "BIND9" ""
  18 .SH NAME
  19 named.conf \- configuration file for named
  20 .SH SYNOPSIS
  21 .sp
  22 \fBnamed.conf\fR
  23 .SH "DESCRIPTION"
  24 .PP
  25 \fInamed.conf\fR is the configuration file for
  26 \fBnamed\fR. Statements are enclosed
  27 in braces and terminated with a semi-colon. Clauses in
  28 the statements are also semi-colon terminated. The usual
  29 comment styles are supported:
  30 .PP
  31 C style: /* */
  32 .PP
  33 C++ style: // to end of line
  34 .PP
  35 Unix style: # to end of line
  36 .SH "ACL"
  37 .sp
  38 .nf
  39 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
  40 .sp
  41 .fi
  42 .SH "KEY"
  43 .sp
  44 .nf
  45 key \fIdomain_name\fR {
  46         algorithm \fIstring\fR;
  47         secret \fIstring\fR;
  48 };
  49 .sp
  50 .fi
  51 .SH "MASTERS"
  52 .sp
  53 .nf
  54 masters \fIstring\fR [ port \fIinteger\fR ] {
  55         ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
  56         \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
  57 };
  58 .sp
  59 .fi
  60 .SH "SERVER"
  61 .sp
  62 .nf
  63 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
  64         bogus \fIboolean\fR;
  65         edns \fIboolean\fR;
  66         provide-ixfr \fIboolean\fR;
  67         request-ixfr \fIboolean\fR;
  68         keys \fIserver_key\fR;
  69         transfers \fIinteger\fR;
  70         transfer-format ( many-answers | one-answer );
  71         transfer-source ( \fIipv4_address\fR | * )
  72                 [ port ( \fIinteger\fR | * ) ];
  73         transfer-source-v6 ( \fIipv6_address\fR | * )
  74                 [ port ( \fIinteger\fR | * ) ];
  75
  76         support-ixfr \fIboolean\fR; // obsolete
  77 };
  78 .sp
  79 .fi
  80 .SH "TRUSTED-KEYS"
  81 .sp
  82 .nf
  83 trusted-keys {
  84         \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
  85 };
  86 .sp
  87 .fi
  88 .SH "CONTROLS"
  89 .sp
  90 .nf
  91 controls {
  92         inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
  93                 [ port ( \fIinteger\fR | * ) ]
  94                 allow { \fIaddress_match_element\fR; ... }
  95                 [ keys { \fIstring\fR; ... } ];
  96         unix \fIunsupported\fR; // not implemented
  97 };
  98 .sp
  99 .fi
 100 .SH "LOGGING"
 101 .sp
 102 .nf
 103 logging {
 104         channel \fIstring\fR {
 105                 file \fIlog_file\fR;
 106                 syslog \fIoptional_facility\fR;
 107                 null;
 108                 stderr;
 109                 severity \fIlog_severity\fR;
 110                 print-time \fIboolean\fR;
 111                 print-severity \fIboolean\fR;
 112                 print-category \fIboolean\fR;
 113         };
 114         category \fIstring\fR { \fIstring\fR; ... };
 115 };
 116 .sp
 117 .fi
 118 .SH "LWRES"
 119 .sp
 120 .nf
 121 lwres {
 122         listen-on [ port \fIinteger\fR ] {
 123                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 124         };
 125         view \fIstring\fR \fIoptional_class\fR;
 126         search { \fIstring\fR; ... };
 127         ndots \fIinteger\fR;
 128 };
 129 .sp
 130 .fi
 131 .SH "OPTIONS"
 132 .sp
 133 .nf
 134 options {
 135         avoid-v4-udp-ports { \fIport\fR; ... };
 136         avoid-v6-udp-ports { \fIport\fR; ... };
 137         blackhole { \fIaddress_match_element\fR; ... };
 138         coresize \fIsize\fR;
 139         datasize \fIsize\fR;
 140         directory \fIquoted_string\fR;
 141         dump-file \fIquoted_string\fR;
 142         files \fIsize\fR;
 143         heartbeat-interval \fIinteger\fR;
 144         host-statistics \fIboolean\fR; // not implemented
 145         host-statistics-max \fInumber\fR; // not implemented
 146         hostname ( \fIquoted_string\fR | none );
 147         interface-interval \fIinteger\fR;
 148         listen-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
 149         listen-on-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
 150         match-mapped-addresses \fIboolean\fR;
 151         memstatistics-file \fIquoted_string\fR;
 152         pid-file ( \fIquoted_string\fR | none );
 153         port \fIinteger\fR;
 154         querylog \fIboolean\fR;
 155         recursing-file \fIquoted_string\fR;
 156         random-device \fIquoted_string\fR;
 157         recursive-clients \fIinteger\fR;
 158         serial-query-rate \fIinteger\fR;
 159         server-id ( \fIquoted_string\fR | none |;
 160         stacksize \fIsize\fR;
 161         statistics-file \fIquoted_string\fR;
 162         statistics-interval \fIinteger\fR; // not yet implemented
 163         tcp-clients \fIinteger\fR;
 164         tcp-listen-queue \fIinteger\fR;
 165         tkey-dhkey \fIquoted_string\fR \fIinteger\fR;
 166         tkey-gssapi-credential \fIquoted_string\fR;
 167         tkey-domain \fIquoted_string\fR;
 168         transfers-per-ns \fIinteger\fR;
 169         transfers-in \fIinteger\fR;
 170         transfers-out \fIinteger\fR;
 171         use-ixfr \fIboolean\fR;
 172         version ( \fIquoted_string\fR | none );
 173         allow-recursion { \fIaddress_match_element\fR; ... };
 174         sortlist { \fIaddress_match_element\fR; ... };
 175         topology { \fIaddress_match_element\fR; ... }; // not implemented
 176         auth-nxdomain \fIboolean\fR; // default changed
 177         minimal-responses \fIboolean\fR;
 178         recursion \fIboolean\fR;
 179         rrset-order {
 180                 [ class \fIstring\fR ] [ type \fIstring\fR ]
 181                 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
 182         };
 183         provide-ixfr \fIboolean\fR;
 184         request-ixfr \fIboolean\fR;
 185         rfc2308-type1 \fIboolean\fR; // not yet implemented
 186         additional-from-auth \fIboolean\fR;
 187         additional-from-cache \fIboolean\fR;
 188         query-source \fIquerysource4\fR;
 189         query-source-v6 \fIquerysource6\fR;
 190         cleaning-interval \fIinteger\fR;
 191         min-roots \fIinteger\fR; // not implemented
 192         lame-ttl \fIinteger\fR;
 193         max-ncache-ttl \fIinteger\fR;
 194         max-cache-ttl \fIinteger\fR;
 195         transfer-format ( many-answers | one-answer );
 196         max-cache-size \fIsize_no_default\fR;
 197         check-names ( master | slave | response )
 198                 ( fail | warn | ignore );
 199         cache-file \fIquoted_string\fR;
 200         suppress-initial-notify \fIboolean\fR; // not yet implemented
 201         preferred-glue \fIstring\fR;
 202         dual-stack-servers [ port \fIinteger\fR ] {
 203                 ( \fIquoted_string\fR [port \fIinteger\fR] |
 204                 \fIipv4_address\fR [port \fIinteger\fR] |
 205                 \fIipv6_address\fR [port \fIinteger\fR] ); ...
 206         }
 207         edns-udp-size \fIinteger\fR;
 208         root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
 209         disable-algorithms \fIstring\fR { \fIstring\fR; ... };
 210         dnssec-enable \fIboolean\fR;
 211         dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
 212         dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
 213
 214         dialup \fIdialuptype\fR;
 215         ixfr-from-differences \fIixfrdiff\fR;
 216
 217         allow-query { \fIaddress_match_element\fR; ... };
 218         allow-transfer { \fIaddress_match_element\fR; ... };
 219         allow-update-forwarding { \fIaddress_match_element\fR; ... };
 220
 221         notify \fInotifytype\fR;
 222         notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 223         notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 224         also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 225                 [ port \fIinteger\fR ]; ... };
 226         allow-notify { \fIaddress_match_element\fR; ... };
 227
 228         forward ( first | only );
 229         forwarders [ port \fIinteger\fR ] {
 230                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 231         };
 232
 233         max-journal-size \fIsize_no_default\fR;
 234         max-transfer-time-in \fIinteger\fR;
 235         max-transfer-time-out \fIinteger\fR;
 236         max-transfer-idle-in \fIinteger\fR;
 237         max-transfer-idle-out \fIinteger\fR;
 238         max-retry-time \fIinteger\fR;
 239         min-retry-time \fIinteger\fR;
 240         max-refresh-time \fIinteger\fR;
 241         min-refresh-time \fIinteger\fR;
 242         multi-master \fIboolean\fR;
 243         sig-validity-interval \fIinteger\fR;
 244
 245         transfer-source ( \fIipv4_address\fR | * )
 246                 [ port ( \fIinteger\fR | * ) ];
 247         transfer-source-v6 ( \fIipv6_address\fR | * )
 248                 [ port ( \fIinteger\fR | * ) ];
 249
 250         alt-transfer-source ( \fIipv4_address\fR | * )
 251                 [ port ( \fIinteger\fR | * ) ];
 252         alt-transfer-source-v6 ( \fIipv6_address\fR | * )
 253                 [ port ( \fIinteger\fR | * ) ];
 254         use-alt-transfer-source \fIboolean\fR;
 255
 256         zone-statistics \fIboolean\fR;
 257         key-directory \fIquoted_string\fR;
 258
 259         allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
 260         deallocate-on-exit \fIboolean\fR; // obsolete
 261         fake-iquery \fIboolean\fR; // obsolete
 262         fetch-glue \fIboolean\fR; // obsolete
 263         has-old-clients \fIboolean\fR; // obsolete
 264         maintain-ixfr-base \fIboolean\fR; // obsolete
 265         max-ixfr-log-size \fIsize\fR; // obsolete
 266         multiple-cnames \fIboolean\fR; // obsolete
 267         named-xfer \fIquoted_string\fR; // obsolete
 268         serial-queries \fIinteger\fR; // obsolete
 269         treat-cr-as-space \fIboolean\fR; // obsolete
 270         use-id-pool \fIboolean\fR; // obsolete
 271 };
 272 .sp
 273 .fi
 274 .SH "VIEW"
 275 .sp
 276 .nf
 277 view \fIstring\fR \fIoptional_class\fR {
 278         match-clients { \fIaddress_match_element\fR; ... };
 279         match-destinations { \fIaddress_match_element\fR; ... };
 280         match-recursive-only \fIboolean\fR;
 281
 282         key \fIstring\fR {
 283                 algorithm \fIstring\fR;
 284                 secret \fIstring\fR;
 285         };
 286
 287         zone \fIstring\fR \fIoptional_class\fR {
 288                 ...
 289         };
 290
 291         server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
 292                 ...
 293         };
 294
 295         trusted-keys {
 296                 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
 297         };
 298
 299         allow-recursion { \fIaddress_match_element\fR; ... };
 300         sortlist { \fIaddress_match_element\fR; ... };
 301         topology { \fIaddress_match_element\fR; ... }; // not implemented
 302         auth-nxdomain \fIboolean\fR; // default changed
 303         minimal-responses \fIboolean\fR;
 304         recursion \fIboolean\fR;
 305         rrset-order {
 306                 [ class \fIstring\fR ] [ type \fIstring\fR ]
 307                 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
 308         };
 309         provide-ixfr \fIboolean\fR;
 310         request-ixfr \fIboolean\fR;
 311         rfc2308-type1 \fIboolean\fR; // not yet implemented
 312         additional-from-auth \fIboolean\fR;
 313         additional-from-cache \fIboolean\fR;
 314         query-source \fIquerysource4\fR;
 315         query-source-v6 \fIquerysource6\fR;
 316         cleaning-interval \fIinteger\fR;
 317         min-roots \fIinteger\fR; // not implemented
 318         lame-ttl \fIinteger\fR;
 319         max-ncache-ttl \fIinteger\fR;
 320         max-cache-ttl \fIinteger\fR;
 321         transfer-format ( many-answers | one-answer );
 322         max-cache-size \fIsize_no_default\fR;
 323         check-names ( master | slave | response )
 324                 ( fail | warn | ignore );
 325         cache-file \fIquoted_string\fR;
 326         suppress-initial-notify \fIboolean\fR; // not yet implemented
 327         preferred-glue \fIstring\fR;
 328         dual-stack-servers [ port \fIinteger\fR ] {
 329                 ( \fIquoted_string\fR [port \fIinteger\fR] |
 330                 \fIipv4_address\fR [port \fIinteger\fR] |
 331                 \fIipv6_address\fR [port \fIinteger\fR] ); ...
 332         };
 333         edns-udp-size \fIinteger\fR;
 334         root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
 335         disable-algorithms \fIstring\fR { \fIstring\fR; ... };
 336         dnssec-enable \fIboolean\fR;
 337         dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
 338
 339         dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
 340         dialup \fIdialuptype\fR;
 341         ixfr-from-differences \fIixfrdiff\fR;
 342
 343         allow-query { \fIaddress_match_element\fR; ... };
 344         allow-transfer { \fIaddress_match_element\fR; ... };
 345         allow-update-forwarding { \fIaddress_match_element\fR; ... };
 346
 347         notify \fInotifytype\fR;
 348         notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 349         notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 350         also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 351                 [ port \fIinteger\fR ]; ... };
 352         allow-notify { \fIaddress_match_element\fR; ... };
 353
 354         forward ( first | only );
 355         forwarders [ port \fIinteger\fR ] {
 356                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 357         };
 358
 359         max-journal-size \fIsize_no_default\fR;
 360         max-transfer-time-in \fIinteger\fR;
 361         max-transfer-time-out \fIinteger\fR;
 362         max-transfer-idle-in \fIinteger\fR;
 363         max-transfer-idle-out \fIinteger\fR;
 364         max-retry-time \fIinteger\fR;
 365         min-retry-time \fIinteger\fR;
 366         max-refresh-time \fIinteger\fR;
 367         min-refresh-time \fIinteger\fR;
 368         multi-master \fIboolean\fR;
 369         sig-validity-interval \fIinteger\fR;
 370
 371         transfer-source ( \fIipv4_address\fR | * )
 372                 [ port ( \fIinteger\fR | * ) ];
 373         transfer-source-v6 ( \fIipv6_address\fR | * )
 374                 [ port ( \fIinteger\fR | * ) ];
 375
 376         alt-transfer-source ( \fIipv4_address\fR | * )
 377                 [ port ( \fIinteger\fR | * ) ];
 378         alt-transfer-source-v6 ( \fIipv6_address\fR | * )
 379                 [ port ( \fIinteger\fR | * ) ];
 380         use-alt-transfer-source \fIboolean\fR;
 381
 382         zone-statistics \fIboolean\fR;
 383         key-directory \fIquoted_string\fR;
 384
 385         allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
 386         fetch-glue \fIboolean\fR; // obsolete
 387         maintain-ixfr-base \fIboolean\fR; // obsolete
 388         max-ixfr-log-size \fIsize\fR; // obsolete
 389 };
 390 .sp
 391 .fi
 392 .SH "ZONE"
 393 .sp
 394 .nf
 395 zone \fIstring\fR \fIoptional_class\fR {
 396         type ( master | slave | stub | hint |
 397                 forward | delegation-only );
 398         file \fIquoted_string\fR;
 399
 400         masters [ port \fIinteger\fR ] {
 401                 ( \fImasters\fR |
 402                 \fIipv4_address\fR [port \fIinteger\fR] |
 403                 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
 404         };
 405
 406         database \fIstring\fR;
 407         delegation-only \fIboolean\fR;
 408         check-names ( fail | warn | ignore );
 409         dialup \fIdialuptype\fR;
 410         ixfr-from-differences \fIboolean\fR;
 411
 412         allow-query { \fIaddress_match_element\fR; ... };
 413         allow-transfer { \fIaddress_match_element\fR; ... };
 414         allow-update { \fIaddress_match_element\fR; ... };
 415         allow-update-forwarding { \fIaddress_match_element\fR; ... };
 416         update-policy {
 417                 ( grant | deny ) \fIstring\fR
 418                 ( name | subdomain | wildcard | self ) \fIstring\fR
 419                 \fIrrtypelist\fR; ...
 420         };
 421
 422         notify \fInotifytype\fR;
 423         notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 424         notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 425         also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 426                 [ port \fIinteger\fR ]; ... };
 427         allow-notify { \fIaddress_match_element\fR; ... };
 428
 429         forward ( first | only );
 430         forwarders [ port \fIinteger\fR ] {
 431                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 432         };
 433
 434         max-journal-size \fIsize_no_default\fR;
 435         max-transfer-time-in \fIinteger\fR;
 436         max-transfer-time-out \fIinteger\fR;
 437         max-transfer-idle-in \fIinteger\fR;
 438         max-transfer-idle-out \fIinteger\fR;
 439         max-retry-time \fIinteger\fR;
 440         min-retry-time \fIinteger\fR;
 441         max-refresh-time \fIinteger\fR;
 442         min-refresh-time \fIinteger\fR;
 443         multi-master \fIboolean\fR;
 444         sig-validity-interval \fIinteger\fR;
 445
 446         transfer-source ( \fIipv4_address\fR | * )
 447                 [ port ( \fIinteger\fR | * ) ];
 448         transfer-source-v6 ( \fIipv6_address\fR | * )
 449                 [ port ( \fIinteger\fR | * ) ];
 450
 451         alt-transfer-source ( \fIipv4_address\fR | * )
 452                 [ port ( \fIinteger\fR | * ) ];
 453         alt-transfer-source-v6 ( \fIipv6_address\fR | * )
 454                 [ port ( \fIinteger\fR | * ) ];
 455         use-alt-transfer-source \fIboolean\fR;
 456
 457         zone-statistics \fIboolean\fR;
 458         key-directory \fIquoted_string\fR;
 459
 460         ixfr-base \fIquoted_string\fR; // obsolete
 461         ixfr-tmp-file \fIquoted_string\fR; // obsolete
 462         maintain-ixfr-base \fIboolean\fR; // obsolete
 463         max-ixfr-log-size \fIsize\fR; // obsolete
 464         pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
 465 };
 466 .sp
 467 .fi
 468 .SH "FILES"
 469 .PP
 470 \fI/etc/named.conf\fR
 471 .SH "SEE ALSO"
 472 .PP
 473 \fBnamed\fR(8),
 474 \fBrndc\fR(8),
 475 \fBBIND 9 Adminstrators Reference Manual\fR.