2 - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
4 - Permission to use, copy, modify, and/or distribute this software for any
5 - purpose with or without fee is hereby granted, provided that the above
6 - copyright notice and this permission notice appear in all copies.
8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 - PERFORMANCE OF THIS SOFTWARE.
18 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
19 <title>named.conf</title>
20 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
22 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
23 <a name="man.named.conf"></a><div class="titlepage"></div>
24 <div class="refnamediv">
26 <p><code class="filename">named.conf</code> — configuration file for named</p>
28 <div class="refsynopsisdiv">
30 <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
32 <div class="refsection">
33 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
34 <p><code class="filename">named.conf</code> is the configuration file
36 <span class="command"><strong>named</strong></span>. Statements are enclosed
37 in braces and terminated with a semi-colon. Clauses in
38 the statements are also semi-colon terminated. The usual
39 comment styles are supported:
45 C++ style: // to end of line
48 Unix style: # to end of line
51 <div class="refsection">
52 <a name="id-1.8"></a><h2>ACL</h2>
53 <div class="literallayout"><p><br>
54 acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
58 <div class="refsection">
59 <a name="id-1.9"></a><h2>KEY</h2>
60 <div class="literallayout"><p><br>
61 key <em class="replaceable"><code>domain_name</code></em> {<br>
62 algorithm <em class="replaceable"><code>string</code></em>;<br>
63 secret <em class="replaceable"><code>string</code></em>;<br>
67 <div class="refsection">
68 <a name="id-1.10"></a><h2>MASTERS</h2>
69 <div class="literallayout"><p><br>
70 masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
71 ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
72 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
76 <div class="refsection">
77 <a name="id-1.11"></a><h2>SERVER</h2>
78 <div class="literallayout"><p><br>
79 server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
80 bogus <em class="replaceable"><code>boolean</code></em>;<br>
81 edns <em class="replaceable"><code>boolean</code></em>;<br>
82 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
83 max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
84 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
85 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
86 keys <em class="replaceable"><code>server_key</code></em>;<br>
87 transfers <em class="replaceable"><code>integer</code></em>;<br>
88 transfer-format ( many-answers | one-answer );<br>
89 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
90 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
91 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
92 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
94 support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
98 <div class="refsection">
99 <a name="id-1.12"></a><h2>TRUSTED-KEYS</h2>
100 <div class="literallayout"><p><br>
102 <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
106 <div class="refsection">
107 <a name="id-1.13"></a><h2>MANAGED-KEYS</h2>
108 <div class="literallayout"><p><br>
110 <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
114 <div class="refsection">
115 <a name="id-1.14"></a><h2>CONTROLS</h2>
116 <div class="literallayout"><p><br>
118 inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
119 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
120 allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
121 [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
122 unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
126 <div class="refsection">
127 <a name="id-1.15"></a><h2>LOGGING</h2>
128 <div class="literallayout"><p><br>
130 channel <em class="replaceable"><code>string</code></em> {<br>
131 file <em class="replaceable"><code>log_file</code></em>;<br>
132 syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
135 severity <em class="replaceable"><code>log_severity</code></em>;<br>
136 print-time <em class="replaceable"><code>boolean</code></em>;<br>
137 print-severity <em class="replaceable"><code>boolean</code></em>;<br>
138 print-category <em class="replaceable"><code>boolean</code></em>;<br>
140 category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
144 <div class="refsection">
145 <a name="id-1.16"></a><h2>LWRES</h2>
146 <div class="literallayout"><p><br>
148 listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
149 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
151 view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
152 search { <em class="replaceable"><code>string</code></em>; ... };<br>
153 ndots <em class="replaceable"><code>integer</code></em>;<br>
157 <div class="refsection">
158 <a name="id-1.17"></a><h2>OPTIONS</h2>
159 <div class="literallayout"><p><br>
161 avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
162 avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
163 blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
164 coresize <em class="replaceable"><code>size</code></em>;<br>
165 datasize <em class="replaceable"><code>size</code></em>;<br>
166 directory <em class="replaceable"><code>quoted_string</code></em>;<br>
167 dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
168 files <em class="replaceable"><code>size</code></em>;<br>
169 heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
170 host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
171 host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
172 hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
173 interface-interval <em class="replaceable"><code>integer</code></em>;<br>
174 listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
175 listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
176 match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
177 memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
178 pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
179 port <em class="replaceable"><code>integer</code></em>;<br>
180 querylog <em class="replaceable"><code>boolean</code></em>;<br>
181 recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
182 reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
183 random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
184 recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
185 serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
186 server-id ( <em class="replaceable"><code>quoted_string</code></em> | hostname | none );<br>
187 stacksize <em class="replaceable"><code>size</code></em>;<br>
188 statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
189 statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
190 tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
191 tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
192 tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
193 tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
194 tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
195 tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
196 transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
197 transfers-in <em class="replaceable"><code>integer</code></em>;<br>
198 transfers-out <em class="replaceable"><code>integer</code></em>;<br>
199 version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
200 allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
201 allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
202 sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
203 topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
204 auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
205 minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
206 recursion <em class="replaceable"><code>boolean</code></em>;<br>
208 [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
209 [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
211 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
212 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
213 rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
214 additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
215 additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
216 query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
217 query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
218 use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
219 queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
220 queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
221 cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
222 resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
223 min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
224 lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
225 max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
226 max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
227 transfer-format ( many-answers | one-answer );<br>
228 max-cache-size <em class="replaceable"><code>size</code></em>;<br>
229 max-acache-size <em class="replaceable"><code>size</code></em>;<br>
230 clients-per-query <em class="replaceable"><code>number</code></em>;<br>
231 max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
232 check-names ( master | slave | response )<br>
233 ( fail | warn | ignore );<br>
234 check-mx ( fail | warn | ignore );<br>
235 check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
236 check-mx-cname ( fail | warn | ignore );<br>
237 check-srv-cname ( fail | warn | ignore );<br>
238 cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
239 suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
240 preferred-glue <em class="replaceable"><code>string</code></em>;<br>
241 dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
242 ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
243 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
244 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
246 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
247 max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
248 root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
249 disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
250 dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
251 dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
252 dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
253 dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
254 dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
256 dns64-server <em class="replaceable"><code>string</code></em>;<br>
257 dns64-contact <em class="replaceable"><code>string</code></em>;<br>
258 dns64 <em class="replaceable"><code>prefix</code></em> {<br>
259 clients { <span style="color: red"><replacable>acl</replacable></span>; };<br>
260 exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br>
261 mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br>
262 break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
263 recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
264 suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
267 empty-server <em class="replaceable"><code>string</code></em>;<br>
268 empty-contact <em class="replaceable"><code>string</code></em>;<br>
269 empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
270 disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
272 dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
273 ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
275 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
276 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
277 allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
278 allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
279 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
280 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
281 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
282 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
283 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
285 masterfile-format ( text | raw );<br>
286 notify <em class="replaceable"><code>notifytype</code></em>;<br>
287 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
288 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
289 notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
290 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
291 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
292 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
293 [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
294 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
296 forward ( first | only );<br>
297 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
298 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
301 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
302 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
303 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
304 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
305 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
306 max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
307 min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
308 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
309 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
310 multi-master <em class="replaceable"><code>boolean</code></em>;<br>
312 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
313 sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
314 sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
315 sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
316 sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
318 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
319 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
320 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
321 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
323 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
324 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
325 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
326 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
327 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
329 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
330 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
331 managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
332 auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
333 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
334 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
335 zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
336 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
337 deny-answer-addresses {<br>
338 <em class="replaceable"><code>address_match_list</code></em><br>
339 } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
340 deny-answer-aliases {<br>
341 <em class="replaceable"><code>namelist</code></em><br>
342 } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
344 nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br>
346 allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
347 deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
348 fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
349 fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
350 has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
351 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
352 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
353 multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
354 named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
355 serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
356 treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
357 use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
358 use-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
362 <div class="refsection">
363 <a name="id-1.18"></a><h2>VIEW</h2>
364 <div class="literallayout"><p><br>
365 view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
366 match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
367 match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
368 match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
370 key <em class="replaceable"><code>string</code></em> {<br>
371 algorithm <em class="replaceable"><code>string</code></em>;<br>
372 secret <em class="replaceable"><code>string</code></em>;<br>
375 zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
379 server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
384 <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
385 [<span class="optional">...</span>]<br>
388 allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
389 allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
390 sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
391 topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
392 auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
393 minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
394 recursion <em class="replaceable"><code>boolean</code></em>;<br>
396 [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
397 [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
399 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
400 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
401 rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
402 additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
403 additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
404 query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
405 query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
406 use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
407 queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
408 queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
409 cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
410 resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
411 min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
412 lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
413 max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
414 max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
415 transfer-format ( many-answers | one-answer );<br>
416 max-cache-size <em class="replaceable"><code>size</code></em>;<br>
417 max-acache-size <em class="replaceable"><code>size</code></em>;<br>
418 clients-per-query <em class="replaceable"><code>number</code></em>;<br>
419 max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
420 check-names ( master | slave | response )<br>
421 ( fail | warn | ignore );<br>
422 check-mx ( fail | warn | ignore );<br>
423 check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
424 check-mx-cname ( fail | warn | ignore );<br>
425 check-srv-cname ( fail | warn | ignore );<br>
426 cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
427 suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
428 preferred-glue <em class="replaceable"><code>string</code></em>;<br>
429 dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
430 ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
431 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
432 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
434 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
435 max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
436 root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
437 disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
438 dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
439 dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
440 dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
441 dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
442 dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
444 dns64-server <em class="replaceable"><code>string</code></em>;<br>
445 dns64-contact <em class="replaceable"><code>string</code></em>;<br>
446 dns64 <em class="replaceable"><code>prefix</code></em> {<br>
447 clients { <span style="color: red"><replacable>acl</replacable></span>; };<br>
448 exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br>
449 mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br>
450 break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
451 recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
452 suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
455 empty-server <em class="replaceable"><code>string</code></em>;<br>
456 empty-contact <em class="replaceable"><code>string</code></em>;<br>
457 empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
458 disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
460 dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
461 ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
463 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
464 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
465 allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
466 allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
467 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
468 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
469 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
470 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
471 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
473 masterfile-format ( text | raw );<br>
474 notify <em class="replaceable"><code>notifytype</code></em>;<br>
475 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
476 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
477 notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
478 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
479 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
480 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
481 [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
482 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
484 forward ( first | only );<br>
485 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
486 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
489 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
490 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
491 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
492 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
493 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
494 max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
495 min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
496 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
497 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
498 multi-master <em class="replaceable"><code>boolean</code></em>;<br>
499 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
501 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
502 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
503 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
504 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
506 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
507 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
508 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
509 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
510 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
512 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
513 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
514 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
515 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
516 zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
517 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
519 allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
520 fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
521 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
522 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
526 <div class="refsection">
527 <a name="id-1.19"></a><h2>ZONE</h2>
528 <div class="literallayout"><p><br>
529 zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
530 type ( master | slave | stub | hint | redirect |<br>
531 forward | delegation-only );<br>
532 file <em class="replaceable"><code>quoted_string</code></em>;<br>
534 masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
535 ( <em class="replaceable"><code>masters</code></em> |<br>
536 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
537 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
540 database <em class="replaceable"><code>string</code></em>;<br>
541 delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
542 check-names ( fail | warn | ignore );<br>
543 check-mx ( fail | warn | ignore );<br>
544 check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
545 check-mx-cname ( fail | warn | ignore );<br>
546 check-srv-cname ( fail | warn | ignore );<br>
547 dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
548 ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
549 journal <em class="replaceable"><code>quoted_string</code></em>;<br>
550 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
551 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
553 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
554 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
555 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
556 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
557 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
558 update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
559 ( grant | deny ) <em class="replaceable"><code>string</code></em><br>
560 ( name | subdomain | wildcard | self | selfsub | selfwild |<br>
561 krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
562 tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
563 <em class="replaceable"><code>rrtypelist</code></em>;<br>
564 [<span class="optional">...</span>]<br>
566 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
567 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
569 masterfile-format ( text | raw );<br>
570 notify <em class="replaceable"><code>notifytype</code></em>;<br>
571 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
572 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
573 notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
574 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
575 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
576 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
577 [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
578 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
580 forward ( first | only );<br>
581 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
582 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
585 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
586 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
587 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
588 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
589 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
590 max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
591 min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
592 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
593 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
594 multi-master <em class="replaceable"><code>boolean</code></em>;<br>
595 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
596 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
598 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
599 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
600 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
601 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
603 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
604 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
605 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
606 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
607 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
609 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
610 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
611 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
613 nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br>
615 ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
616 ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
617 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
618 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
619 pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
623 <div class="refsection">
624 <a name="id-1.20"></a><h2>FILES</h2>
625 <p><code class="filename">/etc/named.conf</code>
628 <div class="refsection">
629 <a name="id-1.21"></a><h2>SEE ALSO</h2>
630 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
631 <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
632 <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
633 <em class="citetitle">BIND 9 Administrator Reference Manual</em>.