MFV r306384:

[FreeBSD/stable/9.git] / contrib / bind9 / bin / named / named.conf.html

<!--
 - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
 - 
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - 
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.named.conf"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
      for
      <span class="command"><strong>named</strong></span>.  Statements are enclosed
      in braces and terminated with a semi-colon.  Clauses in
      the statements are also semi-colon terminated.  The usual
      comment styles are supported:
    </p>
<p>
      C style: /* */
    </p>
<p>
      C++ style: // to end of line
    </p>
<p>
      Unix style: # to end of line
    </p>
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.9"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
        algorithm <em class="replaceable"><code>string</code></em>;<br>
        secret <em class="replaceable"><code>string</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.10"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
        ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
        <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.11"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
        bogus <em class="replaceable"><code>boolean</code></em>;<br>
        edns <em class="replaceable"><code>boolean</code></em>;<br>
        edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
        max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
        provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
        request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
        keys <em class="replaceable"><code>server_key</code></em>;<br>
        transfers <em class="replaceable"><code>integer</code></em>;<br>
        transfer-format ( many-answers | one-answer );<br>
        transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
        support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.12"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
        <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.13"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys {<br>
        <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.14"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
        inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
                allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
                [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
        unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.15"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
        channel <em class="replaceable"><code>string</code></em> {<br>
                file <em class="replaceable"><code>log_file</code></em>;<br>
                syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
                null;<br>
                stderr;<br>
                severity <em class="replaceable"><code>log_severity</code></em>;<br>
                print-time <em class="replaceable"><code>boolean</code></em>;<br>
                print-severity <em class="replaceable"><code>boolean</code></em>;<br>
                print-category <em class="replaceable"><code>boolean</code></em>;<br>
        };<br>
        category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.16"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
        listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
                ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
        };<br>
        view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
        search { <em class="replaceable"><code>string</code></em>; ... };<br>
        ndots <em class="replaceable"><code>integer</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.17"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
        avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
        avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
        blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        coresize <em class="replaceable"><code>size</code></em>;<br>
        datasize <em class="replaceable"><code>size</code></em>;<br>
        directory <em class="replaceable"><code>quoted_string</code></em>;<br>
        dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
        files <em class="replaceable"><code>size</code></em>;<br>
        heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
        host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
        host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
        hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
        interface-interval <em class="replaceable"><code>integer</code></em>;<br>
        listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
        memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
        pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
        port <em class="replaceable"><code>integer</code></em>;<br>
        querylog <em class="replaceable"><code>boolean</code></em>;<br>
        recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
        reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
        random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
        recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
        serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
        server-id ( <em class="replaceable"><code>quoted_string</code></em> | hostname | none );<br>
        stacksize <em class="replaceable"><code>size</code></em>;<br>
        statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
        statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
        tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
        tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
        tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
        tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
        tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
        tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
        transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
        transfers-in <em class="replaceable"><code>integer</code></em>;<br>
        transfers-out <em class="replaceable"><code>integer</code></em>;<br>
        version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
        allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
        auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
        minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
        recursion <em class="replaceable"><code>boolean</code></em>;<br>
        rrset-order {<br>
                [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
                [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
        };<br>
        provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
        request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
        rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
        additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
        additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
        query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
        queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
        queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
        cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
        resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
        min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
        lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
        max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
        max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
        transfer-format ( many-answers | one-answer );<br>
        max-cache-size <em class="replaceable"><code>size</code></em>;<br>
        max-acache-size <em class="replaceable"><code>size</code></em>;<br>
        clients-per-query <em class="replaceable"><code>number</code></em>;<br>
        max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
        check-names ( master | slave | response )<br>
                ( fail | warn | ignore );<br>
        check-mx ( fail | warn | ignore );<br>
        check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
        check-mx-cname ( fail | warn | ignore );<br>
        check-srv-cname ( fail | warn | ignore );<br>
        cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
        suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
        preferred-glue <em class="replaceable"><code>string</code></em>;<br>
        dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
                ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
                <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
                <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
        };<br>
        edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
        max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
        root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
        disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
        dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
        dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        dns64-server <em class="replaceable"><code>string</code></em>;<br>
        dns64-contact <em class="replaceable"><code>string</code></em>;<br>
        dns64 <em class="replaceable"><code>prefix</code></em> {<br>
                clients { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
                exclude { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
                mapped { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
                break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
                recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
                suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
        };<br>
<br>
        empty-server <em class="replaceable"><code>string</code></em>;<br>
        empty-contact <em class="replaceable"><code>string</code></em>;<br>
        empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
        disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
<br>
        dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
        ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
<br>
        allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        masterfile-format ( text | raw );<br>
        notify <em class="replaceable"><code>notifytype</code></em>;<br>
        notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
        notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
        also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
                [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
                [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
        allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
        forward ( first | only );<br>
        forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
                ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
        };<br>
<br>
        max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
        max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
        max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
        min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
        max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
        min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
        multi-master <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
        sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
        sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
        sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
        sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
<br>
        transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
        alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
        key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
        managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
        auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
        try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
        zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
        zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
        deny-answer-addresses {<br>
                <em class="replaceable"><code>address_match_list</code></em><br>
        } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
        deny-answer-aliases {<br>
                <em class="replaceable"><code>namelist</code></em><br>
        } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
<br>
        nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
<br>
        allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
        deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
        multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
        serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
        treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        use-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.18"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
        match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        key <em class="replaceable"><code>string</code></em> {<br>
                algorithm <em class="replaceable"><code>string</code></em>;<br>
                secret <em class="replaceable"><code>string</code></em>;<br>
        };<br>
<br>
        zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
                ...<br>
        };<br>
<br>
        server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
                ...<br>
        };<br>
<br>
        trusted-keys {<br>
                <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
                [<span class="optional">...</span>]<br>
        };<br>
<br>
        allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
        auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
        minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
        recursion <em class="replaceable"><code>boolean</code></em>;<br>
        rrset-order {<br>
                [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
                [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
        };<br>
        provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
        request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
        rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
        additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
        additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
        query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
        queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
        queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
        cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
        resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
        min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
        lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
        max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
        max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
        transfer-format ( many-answers | one-answer );<br>
        max-cache-size <em class="replaceable"><code>size</code></em>;<br>
        max-acache-size <em class="replaceable"><code>size</code></em>;<br>
        clients-per-query <em class="replaceable"><code>number</code></em>;<br>
        max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
        check-names ( master | slave | response )<br>
                ( fail | warn | ignore );<br>
        check-mx ( fail | warn | ignore );<br>
        check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
        check-mx-cname ( fail | warn | ignore );<br>
        check-srv-cname ( fail | warn | ignore );<br>
        cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
        suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
        preferred-glue <em class="replaceable"><code>string</code></em>;<br>
        dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
                ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
                <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
                <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
        };<br>
        edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
        max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
        root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
        disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
        dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
        dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        dns64-server <em class="replaceable"><code>string</code></em>;<br>
        dns64-contact <em class="replaceable"><code>string</code></em>;<br>
        dns64 <em class="replaceable"><code>prefix</code></em> {<br>
                clients { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
                exclude { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
                mapped { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
                break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
                recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
                suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
        };<br>
<br>
        empty-server <em class="replaceable"><code>string</code></em>;<br>
        empty-contact <em class="replaceable"><code>string</code></em>;<br>
        empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
        disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
<br>
        dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
        ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
<br>
        allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        masterfile-format ( text | raw );<br>
        notify <em class="replaceable"><code>notifytype</code></em>;<br>
        notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
        notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
        also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
                [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
                [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
        allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
        forward ( first | only );<br>
        forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
                ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
        };<br>
<br>
        max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
        max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
        max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
        min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
        max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
        min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
        multi-master <em class="replaceable"><code>boolean</code></em>;<br>
        sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
<br>
        transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
        alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
        try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
        key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
        zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
        zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
        fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.19"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
        type ( master | slave | stub | hint | redirect |<br>
                forward | delegation-only );<br>
        file <em class="replaceable"><code>quoted_string</code></em>;<br>
<br>
        masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
                ( <em class="replaceable"><code>masters</code></em> |<br>
                <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
                <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
        };<br>
<br>
        database <em class="replaceable"><code>string</code></em>;<br>
        delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
        check-names ( fail | warn | ignore );<br>
        check-mx ( fail | warn | ignore );<br>
        check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
        check-mx-cname ( fail | warn | ignore );<br>
        check-srv-cname ( fail | warn | ignore );<br>
        dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
        ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
        journal <em class="replaceable"><code>quoted_string</code></em>;<br>
        zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
        update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
                ( grant | deny ) <em class="replaceable"><code>string</code></em><br>
                ( name | subdomain | wildcard | self | selfsub | selfwild |<br>
                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
                  tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
                <em class="replaceable"><code>rrtypelist</code></em>;<br>
                [<span class="optional">...</span>]<br>
        }</code></em>;<br>
        update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
        dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        masterfile-format ( text | raw );<br>
        notify <em class="replaceable"><code>notifytype</code></em>;<br>
        notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
        notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
        also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
                [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
                [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
        allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
        forward ( first | only );<br>
        forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
                ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
        };<br>
<br>
        max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
        max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
        max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
        max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
        min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
        max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
        min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
        multi-master <em class="replaceable"><code>boolean</code></em>;<br>
        request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
        sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
<br>
        transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
        alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
                [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
        use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
<br>
        zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
        try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
        key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
<br>
        nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
<br>
        ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
        ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
        maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
        max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
        pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.20"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
    </p>
</div>
<div class="refsection">
<a name="id-1.21"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
</div></body>
</html>