contrib/bind9/bin/named/named.conf.5

   1 .\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
   2 .\"
   3 .\" Permission to use, copy, modify, and distribute this software for any
   4 .\" purpose with or without fee is hereby granted, provided that the above
   5 .\" copyright notice and this permission notice appear in all copies.
   6 .\"
   7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
   8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
   9 .\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  13 .\" PERFORMANCE OF THIS SOFTWARE.
  14 .\"
  15 .\" $Id: named.conf.5,v 1.1.4.2 2004/08/21 07:35:01 marka Exp $
  16 .\"
  17 .TH "NAMED.CONF" "5" "Aug 13, 2004" "BIND9" ""
  18 .SH NAME
  19 named.conf \- configuration file for named
  20 .SH SYNOPSIS
  21 .sp
  22 \fBnamed.conf\fR
  23 .SH "DESCRIPTION"
  24 .PP
  25 \fInamed.conf\fR is the configuration file for
  26 \fBnamed\fR. Statements are enclosed
  27 in braces and terminated with a semi-colon. Clauses in
  28 the statements are also semi-colon terminated. The usual
  29 comment styles are supported:
  30 .PP
  31 C style: /* */
  32 .PP
  33 C++ style: // to end of line
  34 .PP
  35 Unix style: # to end of line
  36 .SH "ACL"
  37 .sp
  38 .nf
  39 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
  40 .sp
  41 .fi
  42 .SH "KEY"
  43 .sp
  44 .nf
  45 key \fIdomain_name\fR {
  46         algorithm \fIstring\fR;
  47         secret \fIstring\fR;
  48 };
  49 .sp
  50 .fi
  51 .SH "MASTERS"
  52 .sp
  53 .nf
  54 masters \fIstring\fR [ port \fIinteger\fR ] {
  55         ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
  56         \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
  57 };
  58 .sp
  59 .fi
  60 .SH "SERVER"
  61 .sp
  62 .nf
  63 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
  64         bogus \fIboolean\fR;
  65         edns \fIboolean\fR;
  66         provide-ixfr \fIboolean\fR;
  67         request-ixfr \fIboolean\fR;
  68         keys \fIserver_key\fR;
  69         transfers \fIinteger\fR;
  70         transfer-format ( many-answers | one-answer );
  71         transfer-source ( \fIipv4_address\fR | * )
  72                 [ port ( \fIinteger\fR | * ) ];
  73         transfer-source-v6 ( \fIipv6_address\fR | * )
  74                 [ port ( \fIinteger\fR | * ) ];
  75
  76         support-ixfr \fIboolean\fR; // obsolete
  77 };
  78 .sp
  79 .fi
  80 .SH "TRUSTED-KEYS"
  81 .sp
  82 .nf
  83 trusted-keys {
  84         \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
  85 };
  86 .sp
  87 .fi
  88 .SH "CONTROLS"
  89 .sp
  90 .nf
  91 controls {
  92         inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
  93                 [ port ( \fIinteger\fR | * ) ]
  94                 allow { \fIaddress_match_element\fR; ... }
  95                 [ keys { \fIstring\fR; ... } ];
  96         unix \fIunsupported\fR; // not implemented
  97 };
  98 .sp
  99 .fi
 100 .SH "LOGGING"
 101 .sp
 102 .nf
 103 logging {
 104         channel \fIstring\fR {
 105                 file \fIlog_file\fR;
 106                 syslog \fIoptional_facility\fR;
 107                 null;
 108                 stderr;
 109                 severity \fIlog_severity\fR;
 110                 print-time \fIboolean\fR;
 111                 print-severity \fIboolean\fR;
 112                 print-category \fIboolean\fR;
 113         };
 114         category \fIstring\fR { \fIstring\fR; ... };
 115 };
 116 .sp
 117 .fi
 118 .SH "LWRES"
 119 .sp
 120 .nf
 121 lwres {
 122         listen-on [ port \fIinteger\fR ] {
 123                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 124         };
 125         view \fIstring\fR \fIoptional_class\fR;
 126         search { \fIstring\fR; ... };
 127         ndots \fIinteger\fR;
 128 };
 129 .sp
 130 .fi
 131 .SH "OPTIONS"
 132 .sp
 133 .nf
 134 options {
 135         avoid-v4-udp-ports { \fIport\fR; ... };
 136         avoid-v6-udp-ports { \fIport\fR; ... };
 137         blackhole { \fIaddress_match_element\fR; ... };
 138         coresize \fIsize\fR;
 139         datasize \fIsize\fR;
 140         directory \fIquoted_string\fR;
 141         dump-file \fIquoted_string\fR;
 142         files \fIsize\fR;
 143         heartbeat-interval \fIinteger\fR;
 144         host-statistics \fIboolean\fR; // not implemented
 145         hostname ( \fIquoted_string\fR | none );
 146         interface-interval \fIinteger\fR;
 147         listen-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
 148         listen-on-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
 149         match-mapped-addresses \fIboolean\fR;
 150         memstatistics-file \fIquoted_string\fR;
 151         pid-file ( \fIquoted_string\fR | none );
 152         port \fIinteger\fR;
 153         querylog \fIboolean\fR;
 154         recursing-file \fIquoted_string\fR;
 155         random-device \fIquoted_string\fR;
 156         recursive-clients \fIinteger\fR;
 157         serial-query-rate \fIinteger\fR;
 158         server-id ( \fIquoted_string\fR | none |;
 159         stacksize \fIsize\fR;
 160         statistics-file \fIquoted_string\fR;
 161         statistics-interval \fIinteger\fR; // not yet implemented
 162         tcp-clients \fIinteger\fR;
 163         tcp-listen-queue \fIinteger\fR;
 164         tkey-dhkey \fIquoted_string\fR \fIinteger\fR;
 165         tkey-gssapi-credential \fIquoted_string\fR;
 166         tkey-domain \fIquoted_string\fR;
 167         transfers-per-ns \fIinteger\fR;
 168         transfers-in \fIinteger\fR;
 169         transfers-out \fIinteger\fR;
 170         use-ixfr \fIboolean\fR;
 171         version ( \fIquoted_string\fR | none );
 172         allow-recursion { \fIaddress_match_element\fR; ... };
 173         sortlist { \fIaddress_match_element\fR; ... };
 174         topology { \fIaddress_match_element\fR; ... }; // not implemented
 175         auth-nxdomain \fIboolean\fR; // default changed
 176         minimal-responses \fIboolean\fR;
 177         recursion \fIboolean\fR;
 178         rrset-order {
 179                 [ class \fIstring\fR ] [ type \fIstring\fR ]
 180                 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
 181         };
 182         provide-ixfr \fIboolean\fR;
 183         request-ixfr \fIboolean\fR;
 184         rfc2308-type1 \fIboolean\fR; // not yet implemented
 185         additional-from-auth \fIboolean\fR;
 186         additional-from-cache \fIboolean\fR;
 187         query-source \fIquerysource4\fR;
 188         query-source-v6 \fIquerysource6\fR;
 189         cleaning-interval \fIinteger\fR;
 190         min-roots \fIinteger\fR; // not implemented
 191         lame-ttl \fIinteger\fR;
 192         max-ncache-ttl \fIinteger\fR;
 193         max-cache-ttl \fIinteger\fR;
 194         transfer-format ( many-answers | one-answer );
 195         max-cache-size \fIsize_no_default\fR;
 196         check-names ( master | slave | response )
 197                 ( fail | warn | ignore );
 198         cache-file \fIquoted_string\fR;
 199         suppress-initial-notify \fIboolean\fR; // not yet implemented
 200         preferred-glue \fIstring\fR;
 201         dual-stack-servers [ port \fIinteger\fR ] {
 202                 ( \fIquoted_string\fR [port \fIinteger\fR] |
 203                 \fIipv4_address\fR [port \fIinteger\fR] |
 204                 \fIipv6_address\fR [port \fIinteger\fR] ); ...
 205         }
 206         edns-udp-size \fIinteger\fR;
 207         root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
 208         disable-algorithms \fIstring\fR { \fIstring\fR; ... };
 209         dnssec-enable \fIboolean\fR;
 210         dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
 211         dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
 212
 213         dialup \fIdialuptype\fR;
 214         ixfr-from-differences \fIixfrdiff\fR;
 215
 216         allow-query { \fIaddress_match_element\fR; ... };
 217         allow-transfer { \fIaddress_match_element\fR; ... };
 218         allow-update-forwarding { \fIaddress_match_element\fR; ... };
 219
 220         notify \fInotifytype\fR;
 221         notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 222         notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 223         also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 224                 [ port \fIinteger\fR ]; ... };
 225         allow-notify { \fIaddress_match_element\fR; ... };
 226
 227         forward ( first | only );
 228         forwarders [ port \fIinteger\fR ] {
 229                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 230         };
 231
 232         max-journal-size \fIsize_no_default\fR;
 233         max-transfer-time-in \fIinteger\fR;
 234         max-transfer-time-out \fIinteger\fR;
 235         max-transfer-idle-in \fIinteger\fR;
 236         max-transfer-idle-out \fIinteger\fR;
 237         max-retry-time \fIinteger\fR;
 238         min-retry-time \fIinteger\fR;
 239         max-refresh-time \fIinteger\fR;
 240         min-refresh-time \fIinteger\fR;
 241         multi-master \fIboolean\fR;
 242         sig-validity-interval \fIinteger\fR;
 243
 244         transfer-source ( \fIipv4_address\fR | * )
 245                 [ port ( \fIinteger\fR | * ) ];
 246         transfer-source-v6 ( \fIipv6_address\fR | * )
 247                 [ port ( \fIinteger\fR | * ) ];
 248
 249         alt-transfer-source ( \fIipv4_address\fR | * )
 250                 [ port ( \fIinteger\fR | * ) ];
 251         alt-transfer-source-v6 ( \fIipv6_address\fR | * )
 252                 [ port ( \fIinteger\fR | * ) ];
 253         use-alt-transfer-source \fIboolean\fR;
 254
 255         zone-statistics \fIboolean\fR;
 256         key-directory \fIquoted_string\fR;
 257
 258         allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
 259         deallocate-on-exit \fIboolean\fR; // obsolete
 260         fake-iquery \fIboolean\fR; // obsolete
 261         fetch-glue \fIboolean\fR; // obsolete
 262         has-old-clients \fIboolean\fR; // obsolete
 263         maintain-ixfr-base \fIboolean\fR; // obsolete
 264         max-ixfr-log-size \fIsize\fR; // obsolete
 265         multiple-cnames \fIboolean\fR; // obsolete
 266         named-xfer \fIquoted_string\fR; // obsolete
 267         serial-queries \fIinteger\fR; // obsolete
 268         treat-cr-as-space \fIboolean\fR; // obsolete
 269         use-id-pool \fIboolean\fR; // obsolete
 270 };
 271 .sp
 272 .fi
 273 .SH "VIEW"
 274 .sp
 275 .nf
 276 view \fIstring\fR \fIoptional_class\fR {
 277         match-clients { \fIaddress_match_element\fR; ... };
 278         match-destinations { \fIaddress_match_element\fR; ... };
 279         match-recursive-only \fIboolean\fR;
 280
 281         key \fIstring\fR {
 282                 algorithm \fIstring\fR;
 283                 secret \fIstring\fR;
 284         };
 285
 286         zone \fIstring\fR \fIoptional_class\fR {
 287                 ...
 288         };
 289
 290         server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
 291                 ...
 292         };
 293
 294         trusted-keys {
 295                 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
 296         };
 297
 298         allow-recursion { \fIaddress_match_element\fR; ... };
 299         sortlist { \fIaddress_match_element\fR; ... };
 300         topology { \fIaddress_match_element\fR; ... }; // not implemented
 301         auth-nxdomain \fIboolean\fR; // default changed
 302         minimal-responses \fIboolean\fR;
 303         recursion \fIboolean\fR;
 304         rrset-order {
 305                 [ class \fIstring\fR ] [ type \fIstring\fR ]
 306                 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
 307         };
 308         provide-ixfr \fIboolean\fR;
 309         request-ixfr \fIboolean\fR;
 310         rfc2308-type1 \fIboolean\fR; // not yet implemented
 311         additional-from-auth \fIboolean\fR;
 312         additional-from-cache \fIboolean\fR;
 313         query-source \fIquerysource4\fR;
 314         query-source-v6 \fIquerysource6\fR;
 315         cleaning-interval \fIinteger\fR;
 316         min-roots \fIinteger\fR; // not implemented
 317         lame-ttl \fIinteger\fR;
 318         max-ncache-ttl \fIinteger\fR;
 319         max-cache-ttl \fIinteger\fR;
 320         transfer-format ( many-answers | one-answer );
 321         max-cache-size \fIsize_no_default\fR;
 322         check-names ( master | slave | response )
 323                 ( fail | warn | ignore );
 324         cache-file \fIquoted_string\fR;
 325         suppress-initial-notify \fIboolean\fR; // not yet implemented
 326         preferred-glue \fIstring\fR;
 327         dual-stack-servers [ port \fIinteger\fR ] {
 328                 ( \fIquoted_string\fR [port \fIinteger\fR] |
 329                 \fIipv4_address\fR [port \fIinteger\fR] |
 330                 \fIipv6_address\fR [port \fIinteger\fR] ); ...
 331         };
 332         edns-udp-size \fIinteger\fR;
 333         root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
 334         disable-algorithms \fIstring\fR { \fIstring\fR; ... };
 335         dnssec-enable \fIboolean\fR;
 336         dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
 337
 338         dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
 339         dialup \fIdialuptype\fR;
 340         ixfr-from-differences \fIixfrdiff\fR;
 341
 342         allow-query { \fIaddress_match_element\fR; ... };
 343         allow-transfer { \fIaddress_match_element\fR; ... };
 344         allow-update-forwarding { \fIaddress_match_element\fR; ... };
 345
 346         notify \fInotifytype\fR;
 347         notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 348         notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 349         also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 350                 [ port \fIinteger\fR ]; ... };
 351         allow-notify { \fIaddress_match_element\fR; ... };
 352
 353         forward ( first | only );
 354         forwarders [ port \fIinteger\fR ] {
 355                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 356         };
 357
 358         max-journal-size \fIsize_no_default\fR;
 359         max-transfer-time-in \fIinteger\fR;
 360         max-transfer-time-out \fIinteger\fR;
 361         max-transfer-idle-in \fIinteger\fR;
 362         max-transfer-idle-out \fIinteger\fR;
 363         max-retry-time \fIinteger\fR;
 364         min-retry-time \fIinteger\fR;
 365         max-refresh-time \fIinteger\fR;
 366         min-refresh-time \fIinteger\fR;
 367         multi-master \fIboolean\fR;
 368         sig-validity-interval \fIinteger\fR;
 369
 370         transfer-source ( \fIipv4_address\fR | * )
 371                 [ port ( \fIinteger\fR | * ) ];
 372         transfer-source-v6 ( \fIipv6_address\fR | * )
 373                 [ port ( \fIinteger\fR | * ) ];
 374
 375         alt-transfer-source ( \fIipv4_address\fR | * )
 376                 [ port ( \fIinteger\fR | * ) ];
 377         alt-transfer-source-v6 ( \fIipv6_address\fR | * )
 378                 [ port ( \fIinteger\fR | * ) ];
 379         use-alt-transfer-source \fIboolean\fR;
 380
 381         zone-statistics \fIboolean\fR;
 382         key-directory \fIquoted_string\fR;
 383
 384         allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
 385         fetch-glue \fIboolean\fR; // obsolete
 386         maintain-ixfr-base \fIboolean\fR; // obsolete
 387         max-ixfr-log-size \fIsize\fR; // obsolete
 388 };
 389 .sp
 390 .fi
 391 .SH "ZONE"
 392 .sp
 393 .nf
 394 zone \fIstring\fR \fIoptional_class\fR {
 395         type ( master | slave | stub | hint |
 396                 forward | delegation-only );
 397         file \fIquoted_string\fR;
 398
 399         masters [ port \fIinteger\fR ] {
 400                 ( \fImasters\fR |
 401                 \fIipv4_address\fR [port \fIinteger\fR] |
 402                 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
 403         };
 404
 405         database \fIstring\fR;
 406         delegation-only \fIboolean\fR;
 407         check-names ( fail | warn | ignore );
 408         dialup \fIdialuptype\fR;
 409         ixfr-from-differences \fIboolean\fR;
 410
 411         allow-query { \fIaddress_match_element\fR; ... };
 412         allow-transfer { \fIaddress_match_element\fR; ... };
 413         allow-update { \fIaddress_match_element\fR; ... };
 414         allow-update-forwarding { \fIaddress_match_element\fR; ... };
 415         update-policy {
 416                 ( grant | deny ) \fIstring\fR
 417                 ( name | subdomain | wildcard | self ) \fIstring\fR
 418                 \fIrrtypelist\fR; ...
 419         };
 420
 421         notify \fInotifytype\fR;
 422         notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 423         notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
 424         also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 425                 [ port \fIinteger\fR ]; ... };
 426         allow-notify { \fIaddress_match_element\fR; ... };
 427
 428         forward ( first | only );
 429         forwarders [ port \fIinteger\fR ] {
 430                 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 431         };
 432
 433         max-journal-size \fIsize_no_default\fR;
 434         max-transfer-time-in \fIinteger\fR;
 435         max-transfer-time-out \fIinteger\fR;
 436         max-transfer-idle-in \fIinteger\fR;
 437         max-transfer-idle-out \fIinteger\fR;
 438         max-retry-time \fIinteger\fR;
 439         min-retry-time \fIinteger\fR;
 440         max-refresh-time \fIinteger\fR;
 441         min-refresh-time \fIinteger\fR;
 442         multi-master \fIboolean\fR;
 443         sig-validity-interval \fIinteger\fR;
 444
 445         transfer-source ( \fIipv4_address\fR | * )
 446                 [ port ( \fIinteger\fR | * ) ];
 447         transfer-source-v6 ( \fIipv6_address\fR | * )
 448                 [ port ( \fIinteger\fR | * ) ];
 449
 450         alt-transfer-source ( \fIipv4_address\fR | * )
 451                 [ port ( \fIinteger\fR | * ) ];
 452         alt-transfer-source-v6 ( \fIipv6_address\fR | * )
 453                 [ port ( \fIinteger\fR | * ) ];
 454         use-alt-transfer-source \fIboolean\fR;
 455
 456         zone-statistics \fIboolean\fR;
 457         key-directory \fIquoted_string\fR;
 458
 459         ixfr-base \fIquoted_string\fR; // obsolete
 460         ixfr-tmp-file \fIquoted_string\fR; // obsolete
 461         maintain-ixfr-base \fIboolean\fR; // obsolete
 462         max-ixfr-log-size \fIsize\fR; // obsolete
 463         pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
 464 };
 465 .sp
 466 .fi
 467 .SH "FILES"
 468 .PP
 469 \fI/etc/named.conf\fR
 470 .SH "SEE ALSO"
 471 .PP
 472 \fBnamed\fR(8),
 473 \fBrndc\fR(8),
 474 \fBBIND 9 Adminstrators Reference Manual\fR.