1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
5 - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
20 <!-- $Id: named.conf.docbook,v 1.55 2011/11/07 00:25:53 each Exp $ -->
23 <date>Aug 13, 2004</date>
27 <refentrytitle><filename>named.conf</filename></refentrytitle>
28 <manvolnum>5</manvolnum>
29 <refmiscinfo>BIND9</refmiscinfo>
33 <refname><filename>named.conf</filename></refname>
34 <refpurpose>configuration file for named</refpurpose>
49 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
55 <command>named.conf</command>
60 <title>DESCRIPTION</title>
61 <para><filename>named.conf</filename> is the configuration file
63 <command>named</command>. Statements are enclosed
64 in braces and terminated with a semi-colon. Clauses in
65 the statements are also semi-colon terminated. The usual
66 comment styles are supported:
72 C++ style: // to end of line
75 Unix style: # to end of line
82 acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
90 key <replaceable>domain_name</replaceable> {
91 algorithm <replaceable>string</replaceable>;
92 secret <replaceable>string</replaceable>;
98 <title>MASTERS</title>
100 masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
101 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
102 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
108 <title>SERVER</title>
110 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
111 bogus <replaceable>boolean</replaceable>;
112 edns <replaceable>boolean</replaceable>;
113 edns-udp-size <replaceable>integer</replaceable>;
114 max-udp-size <replaceable>integer</replaceable>;
115 provide-ixfr <replaceable>boolean</replaceable>;
116 request-ixfr <replaceable>boolean</replaceable>;
117 keys <replaceable>server_key</replaceable>;
118 transfers <replaceable>integer</replaceable>;
119 transfer-format ( many-answers | one-answer );
120 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
121 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
122 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
123 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
125 support-ixfr <replaceable>boolean</replaceable>; // obsolete
131 <title>TRUSTED-KEYS</title>
134 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
140 <title>MANAGED-KEYS</title>
143 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
149 <title>CONTROLS</title>
152 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
153 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
154 allow { <replaceable>address_match_element</replaceable>; ... }
155 <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
156 unix <replaceable>unsupported</replaceable>; // not implemented
162 <title>LOGGING</title>
165 channel <replaceable>string</replaceable> {
166 file <replaceable>log_file</replaceable>;
167 syslog <replaceable>optional_facility</replaceable>;
170 severity <replaceable>log_severity</replaceable>;
171 print-time <replaceable>boolean</replaceable>;
172 print-severity <replaceable>boolean</replaceable>;
173 print-category <replaceable>boolean</replaceable>;
175 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
184 listen-on <optional> port <replaceable>integer</replaceable> </optional> {
185 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
187 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
188 search { <replaceable>string</replaceable>; ... };
189 ndots <replaceable>integer</replaceable>;
195 <title>OPTIONS</title>
198 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
199 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
200 blackhole { <replaceable>address_match_element</replaceable>; ... };
201 coresize <replaceable>size</replaceable>;
202 datasize <replaceable>size</replaceable>;
203 directory <replaceable>quoted_string</replaceable>;
204 dump-file <replaceable>quoted_string</replaceable>;
205 files <replaceable>size</replaceable>;
206 heartbeat-interval <replaceable>integer</replaceable>;
207 host-statistics <replaceable>boolean</replaceable>; // not implemented
208 host-statistics-max <replaceable>number</replaceable>; // not implemented
209 hostname ( <replaceable>quoted_string</replaceable> | none );
210 interface-interval <replaceable>integer</replaceable>;
211 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
212 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
213 match-mapped-addresses <replaceable>boolean</replaceable>;
214 memstatistics-file <replaceable>quoted_string</replaceable>;
215 pid-file ( <replaceable>quoted_string</replaceable> | none );
216 port <replaceable>integer</replaceable>;
217 querylog <replaceable>boolean</replaceable>;
218 recursing-file <replaceable>quoted_string</replaceable>;
219 reserved-sockets <replaceable>integer</replaceable>;
220 random-device <replaceable>quoted_string</replaceable>;
221 recursive-clients <replaceable>integer</replaceable>;
222 serial-query-rate <replaceable>integer</replaceable>;
223 server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
224 stacksize <replaceable>size</replaceable>;
225 statistics-file <replaceable>quoted_string</replaceable>;
226 statistics-interval <replaceable>integer</replaceable>; // not yet implemented
227 tcp-clients <replaceable>integer</replaceable>;
228 tcp-listen-queue <replaceable>integer</replaceable>;
229 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
230 tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
231 tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
232 tkey-domain <replaceable>quoted_string</replaceable>;
233 transfers-per-ns <replaceable>integer</replaceable>;
234 transfers-in <replaceable>integer</replaceable>;
235 transfers-out <replaceable>integer</replaceable>;
236 use-ixfr <replaceable>boolean</replaceable>;
237 version ( <replaceable>quoted_string</replaceable> | none );
238 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
239 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
240 sortlist { <replaceable>address_match_element</replaceable>; ... };
241 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
242 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
243 minimal-responses <replaceable>boolean</replaceable>;
244 recursion <replaceable>boolean</replaceable>;
246 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
247 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
249 provide-ixfr <replaceable>boolean</replaceable>;
250 request-ixfr <replaceable>boolean</replaceable>;
251 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
252 additional-from-auth <replaceable>boolean</replaceable>;
253 additional-from-cache <replaceable>boolean</replaceable>;
254 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
255 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
256 use-queryport-pool <replaceable>boolean</replaceable>;
257 queryport-pool-ports <replaceable>integer</replaceable>;
258 queryport-pool-updateinterval <replaceable>integer</replaceable>;
259 cleaning-interval <replaceable>integer</replaceable>;
260 resolver-query-timeout <replaceable>integer</replaceable>;
261 min-roots <replaceable>integer</replaceable>; // not implemented
262 lame-ttl <replaceable>integer</replaceable>;
263 max-ncache-ttl <replaceable>integer</replaceable>;
264 max-cache-ttl <replaceable>integer</replaceable>;
265 transfer-format ( many-answers | one-answer );
266 max-cache-size <replaceable>size</replaceable>;
267 max-acache-size <replaceable>size</replaceable>;
268 clients-per-query <replaceable>number</replaceable>;
269 max-clients-per-query <replaceable>number</replaceable>;
270 check-names ( master | slave | response )
271 ( fail | warn | ignore );
272 check-mx ( fail | warn | ignore );
273 check-integrity <replaceable>boolean</replaceable>;
274 check-mx-cname ( fail | warn | ignore );
275 check-srv-cname ( fail | warn | ignore );
276 cache-file <replaceable>quoted_string</replaceable>; // test option
277 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
278 preferred-glue <replaceable>string</replaceable>;
279 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
280 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
281 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
282 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
284 edns-udp-size <replaceable>integer</replaceable>;
285 max-udp-size <replaceable>integer</replaceable>;
286 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
287 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
288 dnssec-enable <replaceable>boolean</replaceable>;
289 dnssec-validation <replaceable>boolean</replaceable>;
290 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
291 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
292 dnssec-accept-expired <replaceable>boolean</replaceable>;
294 dns64-server <replaceable>string</replaceable>;
295 dns64-contact <replaceable>string</replaceable>;
296 dns64 <replaceable>prefix</replaceable> {
297 clients { <replacable>acl</replacable>; };
298 exclude { <replacable>acl</replacable>; };
299 mapped { <replacable>acl</replacable>; };
300 break-dnssec <replaceable>boolean</replaceable>;
301 recursive-only <replaceable>boolean</replaceable>;
302 suffix <replaceable>ipv6_address</replaceable>;
305 empty-server <replaceable>string</replaceable>;
306 empty-contact <replaceable>string</replaceable>;
307 empty-zones-enable <replaceable>boolean</replaceable>;
308 disable-empty-zone <replaceable>string</replaceable>;
310 dialup <replaceable>dialuptype</replaceable>;
311 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
313 allow-query { <replaceable>address_match_element</replaceable>; ... };
314 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
315 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
316 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
317 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
318 allow-update { <replaceable>address_match_element</replaceable>; ... };
319 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
320 update-check-ksk <replaceable>boolean</replaceable>;
321 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
323 masterfile-format ( text | raw );
324 notify <replaceable>notifytype</replaceable>;
325 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
326 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
327 notify-delay <replaceable>seconds</replaceable>;
328 notify-to-soa <replaceable>boolean</replaceable>;
329 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
330 <optional> port <replaceable>integer</replaceable> </optional>; ...
331 <optional> key <replaceable>keyname</replaceable> </optional> ... };
332 allow-notify { <replaceable>address_match_element</replaceable>; ... };
334 forward ( first | only );
335 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
336 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
339 max-journal-size <replaceable>size_no_default</replaceable>;
340 max-transfer-time-in <replaceable>integer</replaceable>;
341 max-transfer-time-out <replaceable>integer</replaceable>;
342 max-transfer-idle-in <replaceable>integer</replaceable>;
343 max-transfer-idle-out <replaceable>integer</replaceable>;
344 max-retry-time <replaceable>integer</replaceable>;
345 min-retry-time <replaceable>integer</replaceable>;
346 max-refresh-time <replaceable>integer</replaceable>;
347 min-refresh-time <replaceable>integer</replaceable>;
348 multi-master <replaceable>boolean</replaceable>;
350 sig-validity-interval <replaceable>integer</replaceable>;
351 sig-re-signing-interval <replaceable>integer</replaceable>;
352 sig-signing-nodes <replaceable>integer</replaceable>;
353 sig-signing-signatures <replaceable>integer</replaceable>;
354 sig-signing-type <replaceable>integer</replaceable>;
356 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
357 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
358 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
359 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
361 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
362 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
363 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
364 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
365 use-alt-transfer-source <replaceable>boolean</replaceable>;
367 zone-statistics <replaceable>boolean</replaceable>;
368 key-directory <replaceable>quoted_string</replaceable>;
369 managed-keys-directory <replaceable>quoted_string</replaceable>;
370 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
371 try-tcp-refresh <replaceable>boolean</replaceable>;
372 zero-no-soa-ttl <replaceable>boolean</replaceable>;
373 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
374 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
375 deny-answer-addresses {
376 <replaceable>address_match_list</replaceable>
377 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
378 deny-answer-aliases {
379 <replaceable>namelist</replaceable>
380 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
382 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
384 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
385 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
386 fake-iquery <replaceable>boolean</replaceable>; // obsolete
387 fetch-glue <replaceable>boolean</replaceable>; // obsolete
388 has-old-clients <replaceable>boolean</replaceable>; // obsolete
389 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
390 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
391 multiple-cnames <replaceable>boolean</replaceable>; // obsolete
392 named-xfer <replaceable>quoted_string</replaceable>; // obsolete
393 serial-queries <replaceable>integer</replaceable>; // obsolete
394 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
395 use-id-pool <replaceable>boolean</replaceable>; // obsolete
403 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
404 match-clients { <replaceable>address_match_element</replaceable>; ... };
405 match-destinations { <replaceable>address_match_element</replaceable>; ... };
406 match-recursive-only <replaceable>boolean</replaceable>;
408 key <replaceable>string</replaceable> {
409 algorithm <replaceable>string</replaceable>;
410 secret <replaceable>string</replaceable>;
413 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
417 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
422 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
423 <optional>...</optional>
426 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
427 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
428 sortlist { <replaceable>address_match_element</replaceable>; ... };
429 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
430 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
431 minimal-responses <replaceable>boolean</replaceable>;
432 recursion <replaceable>boolean</replaceable>;
434 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
435 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
437 provide-ixfr <replaceable>boolean</replaceable>;
438 request-ixfr <replaceable>boolean</replaceable>;
439 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
440 additional-from-auth <replaceable>boolean</replaceable>;
441 additional-from-cache <replaceable>boolean</replaceable>;
442 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
443 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
444 use-queryport-pool <replaceable>boolean</replaceable>;
445 queryport-pool-ports <replaceable>integer</replaceable>;
446 queryport-pool-updateinterval <replaceable>integer</replaceable>;
447 cleaning-interval <replaceable>integer</replaceable>;
448 resolver-query-timeout <replaceable>integer</replaceable>;
449 min-roots <replaceable>integer</replaceable>; // not implemented
450 lame-ttl <replaceable>integer</replaceable>;
451 max-ncache-ttl <replaceable>integer</replaceable>;
452 max-cache-ttl <replaceable>integer</replaceable>;
453 transfer-format ( many-answers | one-answer );
454 max-cache-size <replaceable>size</replaceable>;
455 max-acache-size <replaceable>size</replaceable>;
456 clients-per-query <replaceable>number</replaceable>;
457 max-clients-per-query <replaceable>number</replaceable>;
458 check-names ( master | slave | response )
459 ( fail | warn | ignore );
460 check-mx ( fail | warn | ignore );
461 check-integrity <replaceable>boolean</replaceable>;
462 check-mx-cname ( fail | warn | ignore );
463 check-srv-cname ( fail | warn | ignore );
464 cache-file <replaceable>quoted_string</replaceable>; // test option
465 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
466 preferred-glue <replaceable>string</replaceable>;
467 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
468 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
469 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
470 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
472 edns-udp-size <replaceable>integer</replaceable>;
473 max-udp-size <replaceable>integer</replaceable>;
474 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
475 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
476 dnssec-enable <replaceable>boolean</replaceable>;
477 dnssec-validation <replaceable>boolean</replaceable>;
478 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
479 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
480 dnssec-accept-expired <replaceable>boolean</replaceable>;
482 dns64-server <replaceable>string</replaceable>;
483 dns64-contact <replaceable>string</replaceable>;
484 dns64 <replaceable>prefix</replaceable> {
485 clients { <replacable>acl</replacable>; };
486 exclude { <replacable>acl</replacable>; };
487 mapped { <replacable>acl</replacable>; };
488 break-dnssec <replaceable>boolean</replaceable>;
489 recursive-only <replaceable>boolean</replaceable>;
490 suffix <replaceable>ipv6_address</replaceable>;
493 empty-server <replaceable>string</replaceable>;
494 empty-contact <replaceable>string</replaceable>;
495 empty-zones-enable <replaceable>boolean</replaceable>;
496 disable-empty-zone <replaceable>string</replaceable>;
498 dialup <replaceable>dialuptype</replaceable>;
499 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
501 allow-query { <replaceable>address_match_element</replaceable>; ... };
502 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
503 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
504 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
505 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
506 allow-update { <replaceable>address_match_element</replaceable>; ... };
507 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
508 update-check-ksk <replaceable>boolean</replaceable>;
509 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
511 masterfile-format ( text | raw );
512 notify <replaceable>notifytype</replaceable>;
513 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
514 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
515 notify-delay <replaceable>seconds</replaceable>;
516 notify-to-soa <replaceable>boolean</replaceable>;
517 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
518 <optional> port <replaceable>integer</replaceable> </optional>; ...
519 <optional> key <replaceable>keyname</replaceable> </optional> ... };
520 allow-notify { <replaceable>address_match_element</replaceable>; ... };
522 forward ( first | only );
523 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
524 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
527 max-journal-size <replaceable>size_no_default</replaceable>;
528 max-transfer-time-in <replaceable>integer</replaceable>;
529 max-transfer-time-out <replaceable>integer</replaceable>;
530 max-transfer-idle-in <replaceable>integer</replaceable>;
531 max-transfer-idle-out <replaceable>integer</replaceable>;
532 max-retry-time <replaceable>integer</replaceable>;
533 min-retry-time <replaceable>integer</replaceable>;
534 max-refresh-time <replaceable>integer</replaceable>;
535 min-refresh-time <replaceable>integer</replaceable>;
536 multi-master <replaceable>boolean</replaceable>;
537 sig-validity-interval <replaceable>integer</replaceable>;
539 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
540 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
541 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
542 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
544 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
545 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
546 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
547 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
548 use-alt-transfer-source <replaceable>boolean</replaceable>;
550 zone-statistics <replaceable>boolean</replaceable>;
551 try-tcp-refresh <replaceable>boolean</replaceable>;
552 key-directory <replaceable>quoted_string</replaceable>;
553 zero-no-soa-ttl <replaceable>boolean</replaceable>;
554 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
555 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
557 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
558 fetch-glue <replaceable>boolean</replaceable>; // obsolete
559 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
560 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
568 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
569 type ( master | slave | stub | hint | redirect |
570 forward | delegation-only );
571 file <replaceable>quoted_string</replaceable>;
573 masters <optional> port <replaceable>integer</replaceable> </optional> {
574 ( <replaceable>masters</replaceable> |
575 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
576 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
579 database <replaceable>string</replaceable>;
580 delegation-only <replaceable>boolean</replaceable>;
581 check-names ( fail | warn | ignore );
582 check-mx ( fail | warn | ignore );
583 check-integrity <replaceable>boolean</replaceable>;
584 check-mx-cname ( fail | warn | ignore );
585 check-srv-cname ( fail | warn | ignore );
586 dialup <replaceable>dialuptype</replaceable>;
587 ixfr-from-differences <replaceable>boolean</replaceable>;
588 journal <replaceable>quoted_string</replaceable>;
589 zero-no-soa-ttl <replaceable>boolean</replaceable>;
590 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
592 allow-query { <replaceable>address_match_element</replaceable>; ... };
593 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
594 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
595 allow-update { <replaceable>address_match_element</replaceable>; ... };
596 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
597 update-policy <replaceable>local</replaceable> | <replaceable> {
598 ( grant | deny ) <replaceable>string</replaceable>
599 ( name | subdomain | wildcard | self | selfsub | selfwild |
600 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
601 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
602 <replaceable>rrtypelist</replaceable>;
603 <optional>...</optional>
605 update-check-ksk <replaceable>boolean</replaceable>;
606 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
608 masterfile-format ( text | raw );
609 notify <replaceable>notifytype</replaceable>;
610 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
611 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
612 notify-delay <replaceable>seconds</replaceable>;
613 notify-to-soa <replaceable>boolean</replaceable>;
614 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
615 <optional> port <replaceable>integer</replaceable> </optional>; ...
616 <optional> key <replaceable>keyname</replaceable> </optional> ... };
617 allow-notify { <replaceable>address_match_element</replaceable>; ... };
619 forward ( first | only );
620 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
621 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
624 max-journal-size <replaceable>size_no_default</replaceable>;
625 max-transfer-time-in <replaceable>integer</replaceable>;
626 max-transfer-time-out <replaceable>integer</replaceable>;
627 max-transfer-idle-in <replaceable>integer</replaceable>;
628 max-transfer-idle-out <replaceable>integer</replaceable>;
629 max-retry-time <replaceable>integer</replaceable>;
630 min-retry-time <replaceable>integer</replaceable>;
631 max-refresh-time <replaceable>integer</replaceable>;
632 min-refresh-time <replaceable>integer</replaceable>;
633 multi-master <replaceable>boolean</replaceable>;
634 request-ixfr <replaceable>boolean</replaceable>;
635 sig-validity-interval <replaceable>integer</replaceable>;
637 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
638 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
639 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
640 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
642 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
643 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
644 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
645 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
646 use-alt-transfer-source <replaceable>boolean</replaceable>;
648 zone-statistics <replaceable>boolean</replaceable>;
649 try-tcp-refresh <replaceable>boolean</replaceable>;
650 key-directory <replaceable>quoted_string</replaceable>;
652 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
654 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
655 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
656 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
657 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
658 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
665 <para><filename>/etc/named.conf</filename>
670 <title>SEE ALSO</title>
672 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
675 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
678 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
680 <citetitle>BIND 9 Administrator Reference Manual</citetitle>.