1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
5 - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
20 <!-- $Id: named.conf.docbook,v 1.49.14.1 2011-02-03 05:50:05 marka Exp $ -->
23 <date>Aug 13, 2004</date>
27 <refentrytitle><filename>named.conf</filename></refentrytitle>
28 <manvolnum>5</manvolnum>
29 <refmiscinfo>BIND9</refmiscinfo>
33 <refname><filename>named.conf</filename></refname>
34 <refpurpose>configuration file for named</refpurpose>
47 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
53 <command>named.conf</command>
58 <title>DESCRIPTION</title>
59 <para><filename>named.conf</filename> is the configuration file
61 <command>named</command>. Statements are enclosed
62 in braces and terminated with a semi-colon. Clauses in
63 the statements are also semi-colon terminated. The usual
64 comment styles are supported:
70 C++ style: // to end of line
73 Unix style: # to end of line
80 acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
88 key <replaceable>domain_name</replaceable> {
89 algorithm <replaceable>string</replaceable>;
90 secret <replaceable>string</replaceable>;
96 <title>MASTERS</title>
98 masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
99 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
100 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
106 <title>SERVER</title>
108 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
109 bogus <replaceable>boolean</replaceable>;
110 edns <replaceable>boolean</replaceable>;
111 edns-udp-size <replaceable>integer</replaceable>;
112 max-udp-size <replaceable>integer</replaceable>;
113 provide-ixfr <replaceable>boolean</replaceable>;
114 request-ixfr <replaceable>boolean</replaceable>;
115 keys <replaceable>server_key</replaceable>;
116 transfers <replaceable>integer</replaceable>;
117 transfer-format ( many-answers | one-answer );
118 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
119 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
120 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
121 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
123 support-ixfr <replaceable>boolean</replaceable>; // obsolete
129 <title>TRUSTED-KEYS</title>
132 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
138 <title>MANAGED-KEYS</title>
141 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
147 <title>CONTROLS</title>
150 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
151 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
152 allow { <replaceable>address_match_element</replaceable>; ... }
153 <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
154 unix <replaceable>unsupported</replaceable>; // not implemented
160 <title>LOGGING</title>
163 channel <replaceable>string</replaceable> {
164 file <replaceable>log_file</replaceable>;
165 syslog <replaceable>optional_facility</replaceable>;
168 severity <replaceable>log_severity</replaceable>;
169 print-time <replaceable>boolean</replaceable>;
170 print-severity <replaceable>boolean</replaceable>;
171 print-category <replaceable>boolean</replaceable>;
173 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
182 listen-on <optional> port <replaceable>integer</replaceable> </optional> {
183 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
185 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
186 search { <replaceable>string</replaceable>; ... };
187 ndots <replaceable>integer</replaceable>;
193 <title>OPTIONS</title>
196 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
197 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
198 blackhole { <replaceable>address_match_element</replaceable>; ... };
199 coresize <replaceable>size</replaceable>;
200 datasize <replaceable>size</replaceable>;
201 directory <replaceable>quoted_string</replaceable>;
202 dump-file <replaceable>quoted_string</replaceable>;
203 files <replaceable>size</replaceable>;
204 heartbeat-interval <replaceable>integer</replaceable>;
205 host-statistics <replaceable>boolean</replaceable>; // not implemented
206 host-statistics-max <replaceable>number</replaceable>; // not implemented
207 hostname ( <replaceable>quoted_string</replaceable> | none );
208 interface-interval <replaceable>integer</replaceable>;
209 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
210 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
211 match-mapped-addresses <replaceable>boolean</replaceable>;
212 memstatistics-file <replaceable>quoted_string</replaceable>;
213 pid-file ( <replaceable>quoted_string</replaceable> | none );
214 port <replaceable>integer</replaceable>;
215 querylog <replaceable>boolean</replaceable>;
216 recursing-file <replaceable>quoted_string</replaceable>;
217 reserved-sockets <replaceable>integer</replaceable>;
218 random-device <replaceable>quoted_string</replaceable>;
219 recursive-clients <replaceable>integer</replaceable>;
220 serial-query-rate <replaceable>integer</replaceable>;
221 server-id ( <replaceable>quoted_string</replaceable> | none |;
222 stacksize <replaceable>size</replaceable>;
223 statistics-file <replaceable>quoted_string</replaceable>;
224 statistics-interval <replaceable>integer</replaceable>; // not yet implemented
225 tcp-clients <replaceable>integer</replaceable>;
226 tcp-listen-queue <replaceable>integer</replaceable>;
227 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
228 tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
229 tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
230 tkey-domain <replaceable>quoted_string</replaceable>;
231 transfers-per-ns <replaceable>integer</replaceable>;
232 transfers-in <replaceable>integer</replaceable>;
233 transfers-out <replaceable>integer</replaceable>;
234 use-ixfr <replaceable>boolean</replaceable>;
235 version ( <replaceable>quoted_string</replaceable> | none );
236 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
237 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
238 sortlist { <replaceable>address_match_element</replaceable>; ... };
239 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
240 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
241 minimal-responses <replaceable>boolean</replaceable>;
242 recursion <replaceable>boolean</replaceable>;
244 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
245 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
247 provide-ixfr <replaceable>boolean</replaceable>;
248 request-ixfr <replaceable>boolean</replaceable>;
249 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
250 additional-from-auth <replaceable>boolean</replaceable>;
251 additional-from-cache <replaceable>boolean</replaceable>;
252 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
253 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
254 use-queryport-pool <replaceable>boolean</replaceable>;
255 queryport-pool-ports <replaceable>integer</replaceable>;
256 queryport-pool-updateinterval <replaceable>integer</replaceable>;
257 cleaning-interval <replaceable>integer</replaceable>;
258 resolver-query-timeout <replaceable>integer</replaceable>;
259 min-roots <replaceable>integer</replaceable>; // not implemented
260 lame-ttl <replaceable>integer</replaceable>;
261 max-ncache-ttl <replaceable>integer</replaceable>;
262 max-cache-ttl <replaceable>integer</replaceable>;
263 transfer-format ( many-answers | one-answer );
264 max-cache-size <replaceable>size</replaceable>;
265 max-acache-size <replaceable>size</replaceable>;
266 clients-per-query <replaceable>number</replaceable>;
267 max-clients-per-query <replaceable>number</replaceable>;
268 check-names ( master | slave | response )
269 ( fail | warn | ignore );
270 check-mx ( fail | warn | ignore );
271 check-integrity <replaceable>boolean</replaceable>;
272 check-mx-cname ( fail | warn | ignore );
273 check-srv-cname ( fail | warn | ignore );
274 cache-file <replaceable>quoted_string</replaceable>; // test option
275 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
276 preferred-glue <replaceable>string</replaceable>;
277 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
278 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
279 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
280 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
282 edns-udp-size <replaceable>integer</replaceable>;
283 max-udp-size <replaceable>integer</replaceable>;
284 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
285 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
286 dnssec-enable <replaceable>boolean</replaceable>;
287 dnssec-validation <replaceable>boolean</replaceable>;
288 dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
289 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
290 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
291 dnssec-accept-expired <replaceable>boolean</replaceable>;
293 dns64-server <replaceable>string</replaceable>;
294 dns64-contact <replaceable>string</replaceable>;
295 dns64 <replaceable>prefix</replaceable> {
296 clients { <replacable>acl</replacable>; };
297 exclude { <replacable>acl</replacable>; };
298 mapped { <replacable>acl</replacable>; };
299 break-dnssec <replaceable>boolean</replaceable>;
300 recursive-only <replaceable>boolean</replaceable>;
301 suffix <replaceable>ipv6_address</replaceable>;
304 empty-server <replaceable>string</replaceable>;
305 empty-contact <replaceable>string</replaceable>;
306 empty-zones-enable <replaceable>boolean</replaceable>;
307 disable-empty-zone <replaceable>string</replaceable>;
309 dialup <replaceable>dialuptype</replaceable>;
310 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
312 allow-query { <replaceable>address_match_element</replaceable>; ... };
313 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
314 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
315 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
316 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
317 allow-update { <replaceable>address_match_element</replaceable>; ... };
318 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
319 update-check-ksk <replaceable>boolean</replaceable>;
320 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
322 masterfile-format ( text | raw );
323 notify <replaceable>notifytype</replaceable>;
324 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
325 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
326 notify-delay <replaceable>seconds</replaceable>;
327 notify-to-soa <replaceable>boolean</replaceable>;
328 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
329 <optional> port <replaceable>integer</replaceable> </optional>; ... };
330 allow-notify { <replaceable>address_match_element</replaceable>; ... };
332 forward ( first | only );
333 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
334 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
337 max-journal-size <replaceable>size_no_default</replaceable>;
338 max-transfer-time-in <replaceable>integer</replaceable>;
339 max-transfer-time-out <replaceable>integer</replaceable>;
340 max-transfer-idle-in <replaceable>integer</replaceable>;
341 max-transfer-idle-out <replaceable>integer</replaceable>;
342 max-retry-time <replaceable>integer</replaceable>;
343 min-retry-time <replaceable>integer</replaceable>;
344 max-refresh-time <replaceable>integer</replaceable>;
345 min-refresh-time <replaceable>integer</replaceable>;
346 multi-master <replaceable>boolean</replaceable>;
348 sig-validity-interval <replaceable>integer</replaceable>;
349 sig-re-signing-interval <replaceable>integer</replaceable>;
350 sig-signing-nodes <replaceable>integer</replaceable>;
351 sig-signing-signatures <replaceable>integer</replaceable>;
352 sig-signing-type <replaceable>integer</replaceable>;
354 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
355 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
356 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
357 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
359 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
360 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
361 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
362 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
363 use-alt-transfer-source <replaceable>boolean</replaceable>;
365 zone-statistics <replaceable>boolean</replaceable>;
366 key-directory <replaceable>quoted_string</replaceable>;
367 managed-keys-directory <replaceable>quoted_string</replaceable>;
368 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>;
369 try-tcp-refresh <replaceable>boolean</replaceable>;
370 zero-no-soa-ttl <replaceable>boolean</replaceable>;
371 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
372 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
373 deny-answer-addresses {
374 <replaceable>address_match_list</replaceable>
375 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
376 deny-answer-aliases {
377 <replaceable>namelist</replaceable>
378 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
380 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
382 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
383 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
384 fake-iquery <replaceable>boolean</replaceable>; // obsolete
385 fetch-glue <replaceable>boolean</replaceable>; // obsolete
386 has-old-clients <replaceable>boolean</replaceable>; // obsolete
387 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
388 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
389 multiple-cnames <replaceable>boolean</replaceable>; // obsolete
390 named-xfer <replaceable>quoted_string</replaceable>; // obsolete
391 serial-queries <replaceable>integer</replaceable>; // obsolete
392 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
393 use-id-pool <replaceable>boolean</replaceable>; // obsolete
401 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
402 match-clients { <replaceable>address_match_element</replaceable>; ... };
403 match-destinations { <replaceable>address_match_element</replaceable>; ... };
404 match-recursive-only <replaceable>boolean</replaceable>;
406 key <replaceable>string</replaceable> {
407 algorithm <replaceable>string</replaceable>;
408 secret <replaceable>string</replaceable>;
411 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
415 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
420 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
421 <optional>...</optional>
424 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
425 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
426 sortlist { <replaceable>address_match_element</replaceable>; ... };
427 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
428 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
429 minimal-responses <replaceable>boolean</replaceable>;
430 recursion <replaceable>boolean</replaceable>;
432 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
433 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
435 provide-ixfr <replaceable>boolean</replaceable>;
436 request-ixfr <replaceable>boolean</replaceable>;
437 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
438 additional-from-auth <replaceable>boolean</replaceable>;
439 additional-from-cache <replaceable>boolean</replaceable>;
440 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
441 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
442 use-queryport-pool <replaceable>boolean</replaceable>;
443 queryport-pool-ports <replaceable>integer</replaceable>;
444 queryport-pool-updateinterval <replaceable>integer</replaceable>;
445 cleaning-interval <replaceable>integer</replaceable>;
446 resolver-query-timeout <replaceable>integer</replaceable>;
447 min-roots <replaceable>integer</replaceable>; // not implemented
448 lame-ttl <replaceable>integer</replaceable>;
449 max-ncache-ttl <replaceable>integer</replaceable>;
450 max-cache-ttl <replaceable>integer</replaceable>;
451 transfer-format ( many-answers | one-answer );
452 max-cache-size <replaceable>size</replaceable>;
453 max-acache-size <replaceable>size</replaceable>;
454 clients-per-query <replaceable>number</replaceable>;
455 max-clients-per-query <replaceable>number</replaceable>;
456 check-names ( master | slave | response )
457 ( fail | warn | ignore );
458 check-mx ( fail | warn | ignore );
459 check-integrity <replaceable>boolean</replaceable>;
460 check-mx-cname ( fail | warn | ignore );
461 check-srv-cname ( fail | warn | ignore );
462 cache-file <replaceable>quoted_string</replaceable>; // test option
463 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
464 preferred-glue <replaceable>string</replaceable>;
465 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
466 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
467 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
468 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
470 edns-udp-size <replaceable>integer</replaceable>;
471 max-udp-size <replaceable>integer</replaceable>;
472 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
473 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
474 dnssec-enable <replaceable>boolean</replaceable>;
475 dnssec-validation <replaceable>boolean</replaceable>;
476 dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
477 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
478 dnssec-accept-expired <replaceable>boolean</replaceable>;
480 dns64-server <replaceable>string</replaceable>;
481 dns64-contact <replaceable>string</replaceable>;
482 dns64 <replaceable>prefix</replaceable> {
483 clients { <replacable>acl</replacable>; };
484 exclude { <replacable>acl</replacable>; };
485 mapped { <replacable>acl</replacable>; };
486 break-dnssec <replaceable>boolean</replaceable>;
487 recursive-only <replaceable>boolean</replaceable>;
488 suffix <replaceable>ipv6_address</replaceable>;
491 empty-server <replaceable>string</replaceable>;
492 empty-contact <replaceable>string</replaceable>;
493 empty-zones-enable <replaceable>boolean</replaceable>;
494 disable-empty-zone <replaceable>string</replaceable>;
496 dialup <replaceable>dialuptype</replaceable>;
497 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
499 allow-query { <replaceable>address_match_element</replaceable>; ... };
500 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
501 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
502 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
503 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
504 allow-update { <replaceable>address_match_element</replaceable>; ... };
505 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
506 update-check-ksk <replaceable>boolean</replaceable>;
507 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
509 masterfile-format ( text | raw );
510 notify <replaceable>notifytype</replaceable>;
511 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
512 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
513 notify-delay <replaceable>seconds</replaceable>;
514 notify-to-soa <replaceable>boolean</replaceable>;
515 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
516 <optional> port <replaceable>integer</replaceable> </optional>; ... };
517 allow-notify { <replaceable>address_match_element</replaceable>; ... };
519 forward ( first | only );
520 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
521 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
524 max-journal-size <replaceable>size_no_default</replaceable>;
525 max-transfer-time-in <replaceable>integer</replaceable>;
526 max-transfer-time-out <replaceable>integer</replaceable>;
527 max-transfer-idle-in <replaceable>integer</replaceable>;
528 max-transfer-idle-out <replaceable>integer</replaceable>;
529 max-retry-time <replaceable>integer</replaceable>;
530 min-retry-time <replaceable>integer</replaceable>;
531 max-refresh-time <replaceable>integer</replaceable>;
532 min-refresh-time <replaceable>integer</replaceable>;
533 multi-master <replaceable>boolean</replaceable>;
534 sig-validity-interval <replaceable>integer</replaceable>;
536 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
537 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
538 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
539 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
541 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
542 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
543 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
544 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
545 use-alt-transfer-source <replaceable>boolean</replaceable>;
547 zone-statistics <replaceable>boolean</replaceable>;
548 try-tcp-refresh <replaceable>boolean</replaceable>;
549 key-directory <replaceable>quoted_string</replaceable>;
550 zero-no-soa-ttl <replaceable>boolean</replaceable>;
551 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
552 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
554 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
555 fetch-glue <replaceable>boolean</replaceable>; // obsolete
556 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
557 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
565 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
566 type ( master | slave | stub | hint |
567 forward | delegation-only );
568 file <replaceable>quoted_string</replaceable>;
570 masters <optional> port <replaceable>integer</replaceable> </optional> {
571 ( <replaceable>masters</replaceable> |
572 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
573 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
576 database <replaceable>string</replaceable>;
577 delegation-only <replaceable>boolean</replaceable>;
578 check-names ( fail | warn | ignore );
579 check-mx ( fail | warn | ignore );
580 check-integrity <replaceable>boolean</replaceable>;
581 check-mx-cname ( fail | warn | ignore );
582 check-srv-cname ( fail | warn | ignore );
583 dialup <replaceable>dialuptype</replaceable>;
584 ixfr-from-differences <replaceable>boolean</replaceable>;
585 journal <replaceable>quoted_string</replaceable>;
586 zero-no-soa-ttl <replaceable>boolean</replaceable>;
587 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
589 allow-query { <replaceable>address_match_element</replaceable>; ... };
590 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
591 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
592 allow-update { <replaceable>address_match_element</replaceable>; ... };
593 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
594 update-policy <replaceable>local</replaceable> | <replaceable> {
595 ( grant | deny ) <replaceable>string</replaceable>
596 ( name | subdomain | wildcard | self | selfsub | selfwild |
597 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
598 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
599 <replaceable>rrtypelist</replaceable>;
600 <optional>...</optional>
602 update-check-ksk <replaceable>boolean</replaceable>;
603 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
605 masterfile-format ( text | raw );
606 notify <replaceable>notifytype</replaceable>;
607 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
608 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
609 notify-delay <replaceable>seconds</replaceable>;
610 notify-to-soa <replaceable>boolean</replaceable>;
611 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
612 <optional> port <replaceable>integer</replaceable> </optional>; ... };
613 allow-notify { <replaceable>address_match_element</replaceable>; ... };
615 forward ( first | only );
616 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
617 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
620 max-journal-size <replaceable>size_no_default</replaceable>;
621 max-transfer-time-in <replaceable>integer</replaceable>;
622 max-transfer-time-out <replaceable>integer</replaceable>;
623 max-transfer-idle-in <replaceable>integer</replaceable>;
624 max-transfer-idle-out <replaceable>integer</replaceable>;
625 max-retry-time <replaceable>integer</replaceable>;
626 min-retry-time <replaceable>integer</replaceable>;
627 max-refresh-time <replaceable>integer</replaceable>;
628 min-refresh-time <replaceable>integer</replaceable>;
629 multi-master <replaceable>boolean</replaceable>;
630 sig-validity-interval <replaceable>integer</replaceable>;
632 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
633 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
634 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
635 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
637 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
638 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
639 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
640 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
641 use-alt-transfer-source <replaceable>boolean</replaceable>;
643 zone-statistics <replaceable>boolean</replaceable>;
644 try-tcp-refresh <replaceable>boolean</replaceable>;
645 key-directory <replaceable>quoted_string</replaceable>;
647 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
649 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
650 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
651 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
652 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
653 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
660 <para><filename>/etc/named.conf</filename>
665 <title>SEE ALSO</title>
667 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
670 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
673 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
675 <citetitle>BIND 9 Administrator Reference Manual</citetitle>.