1 .\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13 .\" PERFORMANCE OF THIS SOFTWARE.
15 .\" $Id: named.conf.5,v 1.1.2.27 2008/09/05 01:32:08 tbox Exp $
19 .\" Title: \fInamed.conf\fR
21 .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
22 .\" Date: Aug 13, 2004
26 .TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
27 .\" disable hyphenation
29 .\" disable justification (adjust text to left margin only)
32 named.conf \- configuration file for named
39 is the configuration file for
40 \fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
44 C++ style: // to end of line
46 Unix style: # to end of line
51 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
58 key \fIdomain_name\fR {
59 algorithm \fIstring\fR;
68 masters \fIstring\fR [ port \fIinteger\fR ] {
69 ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
70 \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
78 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
81 edns\-udp\-size \fIinteger\fR;
82 max\-udp\-size \fIinteger\fR;
83 provide\-ixfr \fIboolean\fR;
84 request\-ixfr \fIboolean\fR;
85 keys \fIserver_key\fR;
86 transfers \fIinteger\fR;
87 transfer\-format ( many\-answers | one\-answer );
88 transfer\-source ( \fIipv4_address\fR | * )
89 [ port ( \fIinteger\fR | * ) ];
90 transfer\-source\-v6 ( \fIipv6_address\fR | * )
91 [ port ( \fIinteger\fR | * ) ];
92 support\-ixfr \fIboolean\fR; // obsolete
101 \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
110 inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
111 [ port ( \fIinteger\fR | * ) ]
112 allow { \fIaddress_match_element\fR; ... }
113 [ keys { \fIstring\fR; ... } ];
114 unix \fIunsupported\fR; // not implemented
123 channel \fIstring\fR {
125 syslog \fIoptional_facility\fR;
128 severity \fIlog_severity\fR;
129 print\-time \fIboolean\fR;
130 print\-severity \fIboolean\fR;
131 print\-category \fIboolean\fR;
133 category \fIstring\fR { \fIstring\fR; ... };
142 listen\-on [ port \fIinteger\fR ] {
143 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
145 view \fIstring\fR \fIoptional_class\fR;
146 search { \fIstring\fR; ... };
156 avoid\-v4\-udp\-ports { \fIport\fR; ... };
157 avoid\-v6\-udp\-ports { \fIport\fR; ... };
158 blackhole { \fIaddress_match_element\fR; ... };
161 directory \fIquoted_string\fR;
162 dump\-file \fIquoted_string\fR;
164 heartbeat\-interval \fIinteger\fR;
165 host\-statistics \fIboolean\fR; // not implemented
166 host\-statistics\-max \fInumber\fR; // not implemented
167 hostname ( \fIquoted_string\fR | none );
168 interface\-interval \fIinteger\fR;
169 listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
170 listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
171 match\-mapped\-addresses \fIboolean\fR;
172 memstatistics\-file \fIquoted_string\fR;
173 pid\-file ( \fIquoted_string\fR | none );
175 querylog \fIboolean\fR;
176 recursing\-file \fIquoted_string\fR;
177 reserved\-sockets \fIinteger\fR;
178 random\-device \fIquoted_string\fR;
179 recursive\-clients \fIinteger\fR;
180 serial\-query\-rate \fIinteger\fR;
181 server\-id ( \fIquoted_string\fR | none |;
182 stacksize \fIsize\fR;
183 statistics\-file \fIquoted_string\fR;
184 statistics\-interval \fIinteger\fR; // not yet implemented
185 tcp\-clients \fIinteger\fR;
186 tcp\-listen\-queue \fIinteger\fR;
187 tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
188 tkey\-gssapi\-credential \fIquoted_string\fR;
189 tkey\-domain \fIquoted_string\fR;
190 transfers\-per\-ns \fIinteger\fR;
191 transfers\-in \fIinteger\fR;
192 transfers\-out \fIinteger\fR;
193 use\-ixfr \fIboolean\fR;
194 version ( \fIquoted_string\fR | none );
195 allow\-recursion { \fIaddress_match_element\fR; ... };
196 sortlist { \fIaddress_match_element\fR; ... };
197 topology { \fIaddress_match_element\fR; ... }; // not implemented
198 auth\-nxdomain \fIboolean\fR; // default changed
199 minimal\-responses \fIboolean\fR;
200 recursion \fIboolean\fR;
202 [ class \fIstring\fR ] [ type \fIstring\fR ]
203 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
205 provide\-ixfr \fIboolean\fR;
206 request\-ixfr \fIboolean\fR;
207 rfc2308\-type1 \fIboolean\fR; // not yet implemented
208 additional\-from\-auth \fIboolean\fR;
209 additional\-from\-cache \fIboolean\fR;
210 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
211 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
212 cleaning\-interval \fIinteger\fR;
213 min\-roots \fIinteger\fR; // not implemented
214 lame\-ttl \fIinteger\fR;
215 max\-ncache\-ttl \fIinteger\fR;
216 max\-cache\-ttl \fIinteger\fR;
217 transfer\-format ( many\-answers | one\-answer );
218 max\-cache\-size \fIsize_no_default\fR;
219 max\-acache\-size \fIsize_no_default\fR;
220 clients\-per\-query \fInumber\fR;
221 max\-clients\-per\-query \fInumber\fR;
222 check\-names ( master | slave | response )
223 ( fail | warn | ignore );
224 check\-mx ( fail | warn | ignore );
225 check\-integrity \fIboolean\fR;
226 check\-mx\-cname ( fail | warn | ignore );
227 check\-srv\-cname ( fail | warn | ignore );
228 cache\-file \fIquoted_string\fR; // test option
229 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
230 preferred\-glue \fIstring\fR;
231 dual\-stack\-servers [ port \fIinteger\fR ] {
232 ( \fIquoted_string\fR [port \fIinteger\fR] |
233 \fIipv4_address\fR [port \fIinteger\fR] |
234 \fIipv6_address\fR [port \fIinteger\fR] ); ...
236 edns\-udp\-size \fIinteger\fR;
237 max\-udp\-size \fIinteger\fR;
238 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
239 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
240 dnssec\-enable \fIboolean\fR;
241 dnssec\-validation \fIboolean\fR;
242 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
243 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
244 dnssec\-accept\-expired \fIboolean\fR;
245 empty\-server \fIstring\fR;
246 empty\-contact \fIstring\fR;
247 empty\-zones\-enable \fIboolean\fR;
248 disable\-empty\-zone \fIstring\fR;
249 dialup \fIdialuptype\fR;
250 ixfr\-from\-differences \fIixfrdiff\fR;
251 allow\-query { \fIaddress_match_element\fR; ... };
252 allow\-query\-cache { \fIaddress_match_element\fR; ... };
253 allow\-transfer { \fIaddress_match_element\fR; ... };
254 allow\-update { \fIaddress_match_element\fR; ... };
255 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
256 update\-check\-ksk \fIboolean\fR;
257 masterfile\-format ( text | raw );
258 notify \fInotifytype\fR;
259 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
260 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
261 notify\-delay \fIseconds\fR;
262 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
263 [ port \fIinteger\fR ]; ... };
264 allow\-notify { \fIaddress_match_element\fR; ... };
265 forward ( first | only );
266 forwarders [ port \fIinteger\fR ] {
267 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
269 max\-journal\-size \fIsize_no_default\fR;
270 max\-transfer\-time\-in \fIinteger\fR;
271 max\-transfer\-time\-out \fIinteger\fR;
272 max\-transfer\-idle\-in \fIinteger\fR;
273 max\-transfer\-idle\-out \fIinteger\fR;
274 max\-retry\-time \fIinteger\fR;
275 min\-retry\-time \fIinteger\fR;
276 max\-refresh\-time \fIinteger\fR;
277 min\-refresh\-time \fIinteger\fR;
278 multi\-master \fIboolean\fR;
279 sig\-validity\-interval \fIinteger\fR;
280 transfer\-source ( \fIipv4_address\fR | * )
281 [ port ( \fIinteger\fR | * ) ];
282 transfer\-source\-v6 ( \fIipv6_address\fR | * )
283 [ port ( \fIinteger\fR | * ) ];
284 alt\-transfer\-source ( \fIipv4_address\fR | * )
285 [ port ( \fIinteger\fR | * ) ];
286 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
287 [ port ( \fIinteger\fR | * ) ];
288 use\-alt\-transfer\-source \fIboolean\fR;
289 zone\-statistics \fIboolean\fR;
290 key\-directory \fIquoted_string\fR;
291 zero\-no\-soa\-ttl \fIboolean\fR;
292 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
293 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
294 deallocate\-on\-exit \fIboolean\fR; // obsolete
295 fake\-iquery \fIboolean\fR; // obsolete
296 fetch\-glue \fIboolean\fR; // obsolete
297 has\-old\-clients \fIboolean\fR; // obsolete
298 maintain\-ixfr\-base \fIboolean\fR; // obsolete
299 max\-ixfr\-log\-size \fIsize\fR; // obsolete
300 multiple\-cnames \fIboolean\fR; // obsolete
301 named\-xfer \fIquoted_string\fR; // obsolete
302 serial\-queries \fIinteger\fR; // obsolete
303 treat\-cr\-as\-space \fIboolean\fR; // obsolete
304 use\-id\-pool \fIboolean\fR; // obsolete
312 view \fIstring\fR \fIoptional_class\fR {
313 match\-clients { \fIaddress_match_element\fR; ... };
314 match\-destinations { \fIaddress_match_element\fR; ... };
315 match\-recursive\-only \fIboolean\fR;
317 algorithm \fIstring\fR;
320 zone \fIstring\fR \fIoptional_class\fR {
323 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
327 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
329 allow\-recursion { \fIaddress_match_element\fR; ... };
330 sortlist { \fIaddress_match_element\fR; ... };
331 topology { \fIaddress_match_element\fR; ... }; // not implemented
332 auth\-nxdomain \fIboolean\fR; // default changed
333 minimal\-responses \fIboolean\fR;
334 recursion \fIboolean\fR;
336 [ class \fIstring\fR ] [ type \fIstring\fR ]
337 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
339 provide\-ixfr \fIboolean\fR;
340 request\-ixfr \fIboolean\fR;
341 rfc2308\-type1 \fIboolean\fR; // not yet implemented
342 additional\-from\-auth \fIboolean\fR;
343 additional\-from\-cache \fIboolean\fR;
344 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
345 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
346 cleaning\-interval \fIinteger\fR;
347 min\-roots \fIinteger\fR; // not implemented
348 lame\-ttl \fIinteger\fR;
349 max\-ncache\-ttl \fIinteger\fR;
350 max\-cache\-ttl \fIinteger\fR;
351 transfer\-format ( many\-answers | one\-answer );
352 max\-cache\-size \fIsize_no_default\fR;
353 max\-acache\-size \fIsize_no_default\fR;
354 clients\-per\-query \fInumber\fR;
355 max\-clients\-per\-query \fInumber\fR;
356 check\-names ( master | slave | response )
357 ( fail | warn | ignore );
358 check\-mx ( fail | warn | ignore );
359 check\-integrity \fIboolean\fR;
360 check\-mx\-cname ( fail | warn | ignore );
361 check\-srv\-cname ( fail | warn | ignore );
362 cache\-file \fIquoted_string\fR; // test option
363 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
364 preferred\-glue \fIstring\fR;
365 dual\-stack\-servers [ port \fIinteger\fR ] {
366 ( \fIquoted_string\fR [port \fIinteger\fR] |
367 \fIipv4_address\fR [port \fIinteger\fR] |
368 \fIipv6_address\fR [port \fIinteger\fR] ); ...
370 edns\-udp\-size \fIinteger\fR;
371 max\-udp\-size \fIinteger\fR;
372 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
373 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
374 dnssec\-enable \fIboolean\fR;
375 dnssec\-validation \fIboolean\fR;
376 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
377 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
378 dnssec\-accept\-expired \fIboolean\fR;
379 empty\-server \fIstring\fR;
380 empty\-contact \fIstring\fR;
381 empty\-zones\-enable \fIboolean\fR;
382 disable\-empty\-zone \fIstring\fR;
383 dialup \fIdialuptype\fR;
384 ixfr\-from\-differences \fIixfrdiff\fR;
385 allow\-query { \fIaddress_match_element\fR; ... };
386 allow\-query\-cache { \fIaddress_match_element\fR; ... };
387 allow\-transfer { \fIaddress_match_element\fR; ... };
388 allow\-update { \fIaddress_match_element\fR; ... };
389 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
390 update\-check\-ksk \fIboolean\fR;
391 masterfile\-format ( text | raw );
392 notify \fInotifytype\fR;
393 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
394 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
395 notify\-delay \fIseconds\fR;
396 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
397 [ port \fIinteger\fR ]; ... };
398 allow\-notify { \fIaddress_match_element\fR; ... };
399 forward ( first | only );
400 forwarders [ port \fIinteger\fR ] {
401 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
403 max\-journal\-size \fIsize_no_default\fR;
404 max\-transfer\-time\-in \fIinteger\fR;
405 max\-transfer\-time\-out \fIinteger\fR;
406 max\-transfer\-idle\-in \fIinteger\fR;
407 max\-transfer\-idle\-out \fIinteger\fR;
408 max\-retry\-time \fIinteger\fR;
409 min\-retry\-time \fIinteger\fR;
410 max\-refresh\-time \fIinteger\fR;
411 min\-refresh\-time \fIinteger\fR;
412 multi\-master \fIboolean\fR;
413 sig\-validity\-interval \fIinteger\fR;
414 transfer\-source ( \fIipv4_address\fR | * )
415 [ port ( \fIinteger\fR | * ) ];
416 transfer\-source\-v6 ( \fIipv6_address\fR | * )
417 [ port ( \fIinteger\fR | * ) ];
418 alt\-transfer\-source ( \fIipv4_address\fR | * )
419 [ port ( \fIinteger\fR | * ) ];
420 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
421 [ port ( \fIinteger\fR | * ) ];
422 use\-alt\-transfer\-source \fIboolean\fR;
423 zone\-statistics \fIboolean\fR;
424 key\-directory \fIquoted_string\fR;
425 zero\-no\-soa\-ttl \fIboolean\fR;
426 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
427 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
428 fetch\-glue \fIboolean\fR; // obsolete
429 maintain\-ixfr\-base \fIboolean\fR; // obsolete
430 max\-ixfr\-log\-size \fIsize\fR; // obsolete
438 zone \fIstring\fR \fIoptional_class\fR {
439 type ( master | slave | stub | hint |
440 forward | delegation\-only );
441 file \fIquoted_string\fR;
442 masters [ port \fIinteger\fR ] {
444 \fIipv4_address\fR [port \fIinteger\fR] |
445 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
447 database \fIstring\fR;
448 delegation\-only \fIboolean\fR;
449 check\-names ( fail | warn | ignore );
450 check\-mx ( fail | warn | ignore );
451 check\-integrity \fIboolean\fR;
452 check\-mx\-cname ( fail | warn | ignore );
453 check\-srv\-cname ( fail | warn | ignore );
454 dialup \fIdialuptype\fR;
455 ixfr\-from\-differences \fIboolean\fR;
456 journal \fIquoted_string\fR;
457 zero\-no\-soa\-ttl \fIboolean\fR;
458 allow\-query { \fIaddress_match_element\fR; ... };
459 allow\-transfer { \fIaddress_match_element\fR; ... };
460 allow\-update { \fIaddress_match_element\fR; ... };
461 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
463 ( grant | deny ) \fIstring\fR
464 ( name | subdomain | wildcard | self ) \fIstring\fR
465 \fIrrtypelist\fR; ...
467 update\-check\-ksk \fIboolean\fR;
468 masterfile\-format ( text | raw );
469 notify \fInotifytype\fR;
470 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
471 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
472 notify\-delay \fIseconds\fR;
473 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
474 [ port \fIinteger\fR ]; ... };
475 allow\-notify { \fIaddress_match_element\fR; ... };
476 forward ( first | only );
477 forwarders [ port \fIinteger\fR ] {
478 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
480 max\-journal\-size \fIsize_no_default\fR;
481 max\-transfer\-time\-in \fIinteger\fR;
482 max\-transfer\-time\-out \fIinteger\fR;
483 max\-transfer\-idle\-in \fIinteger\fR;
484 max\-transfer\-idle\-out \fIinteger\fR;
485 max\-retry\-time \fIinteger\fR;
486 min\-retry\-time \fIinteger\fR;
487 max\-refresh\-time \fIinteger\fR;
488 min\-refresh\-time \fIinteger\fR;
489 multi\-master \fIboolean\fR;
490 sig\-validity\-interval \fIinteger\fR;
491 transfer\-source ( \fIipv4_address\fR | * )
492 [ port ( \fIinteger\fR | * ) ];
493 transfer\-source\-v6 ( \fIipv6_address\fR | * )
494 [ port ( \fIinteger\fR | * ) ];
495 alt\-transfer\-source ( \fIipv4_address\fR | * )
496 [ port ( \fIinteger\fR | * ) ];
497 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
498 [ port ( \fIinteger\fR | * ) ];
499 use\-alt\-transfer\-source \fIboolean\fR;
500 zone\-statistics \fIboolean\fR;
501 key\-directory \fIquoted_string\fR;
502 ixfr\-base \fIquoted_string\fR; // obsolete
503 ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
504 maintain\-ixfr\-base \fIboolean\fR; // obsolete
505 max\-ixfr\-log\-size \fIsize\fR; // obsolete
506 pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
512 \fI/etc/named.conf\fR
516 \fBnamed\-checkconf\fR(8),
518 BIND 9 Administrator Reference Manual.
520 Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")