NAMED.CONF(5) BIND9 NAMED.CONF(5)


NAME

6       named.conf - configuration file for named
7

SYNOPSIS

9       named.conf
10

DESCRIPTION

       named.conf is the configuration file for named. Statements are enclosed
       in braces and terminated with a semicolon. Clauses in the statements
       are also semicolon-terminated. The usual comment styles are supported:

       C style: /* */

       C++ style: // to end of line

       Unix style: # to end of line
21

ACL

23           acl string { address_match_element; ... };
24

KEY

26           key domain_name {
27                algorithm string;
28                secret string;
29           };
30

MASTERS

32           masters string [ port integer ] {
33                ( masters | ipv4_address [port integer] |
34                ipv6_address [port integer] ) [ key string ]; ...
35           };
36

SERVER

38           server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
39                bogus boolean;
40                edns boolean;
41                edns-udp-size integer;
42                max-udp-size integer;
43                provide-ixfr boolean;
44                request-ixfr boolean;
45                keys server_key;
46                transfers integer;
47                transfer-format ( many-answers | one-answer );
48                transfer-source ( ipv4_address | * )
49                     [ port ( integer | * ) ];
50                transfer-source-v6 ( ipv6_address | * )
51                     [ port ( integer | * ) ];
52                support-ixfr boolean; // obsolete
53           };
54

TRUSTED-KEYS

56           trusted-keys {
57                domain_name flags protocol algorithm key; ...
58           };
59

MANAGED-KEYS

61           managed-keys {
62                domain_name initial-key flags protocol algorithm key; ...
63           };
64

CONTROLS

66           controls {
67                inet ( ipv4_address | ipv6_address | * )
68                     [ port ( integer | * ) ]
69                     allow { address_match_element; ... }
70                     [ keys { string; ... } ];
71                unix unsupported; // not implemented
72           };
73

LOGGING

75           logging {
76                channel string {
77                     file log_file;
78                     syslog optional_facility;
79                     null;
80                     stderr;
81                     severity log_severity;
82                     print-time boolean;
83                     print-severity boolean;
84                     print-category boolean;
85                };
86                category string { string; ... };
87           };
88

LWRES

90           lwres {
91                listen-on [ port integer ] {
92                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
93                };
94                view string optional_class;
95                search { string; ... };
96                ndots integer;
97           };
98

OPTIONS

100           options {
101                avoid-v4-udp-ports { port; ... };
102                avoid-v6-udp-ports { port; ... };
103                blackhole { address_match_element; ... };
104                coresize size;
105                datasize size;
106                directory quoted_string;
107                dump-file quoted_string;
108                files size;
109                heartbeat-interval integer;
110                host-statistics boolean; // not implemented
111                host-statistics-max number; // not implemented
112                hostname ( quoted_string | none );
113                interface-interval integer;
114                listen-on [ port integer ] { address_match_element; ... };
115                listen-on-v6 [ port integer ] { address_match_element; ... };
116                match-mapped-addresses boolean;
117                memstatistics-file quoted_string;
118                pid-file ( quoted_string | none );
119                port integer;
120                querylog boolean;
121                recursing-file quoted_string;
122                reserved-sockets integer;
123                random-device quoted_string;
124                recursive-clients integer;
125                serial-query-rate integer;
126                server-id ( quoted_string | none | hostname );
127                stacksize size;
128                statistics-file quoted_string;
129                statistics-interval integer; // not yet implemented
130                tcp-clients integer;
131                tcp-listen-queue integer;
132                tkey-dhkey quoted_string integer;
133                tkey-gssapi-credential quoted_string;
134                tkey-gssapi-keytab quoted_string;
135                tkey-domain quoted_string;
136                transfers-per-ns integer;
137                transfers-in integer;
138                transfers-out integer;
139                use-ixfr boolean;
140                version ( quoted_string | none );
141                allow-recursion { address_match_element; ... };
142                allow-recursion-on { address_match_element; ... };
143                sortlist { address_match_element; ... };
144                topology { address_match_element; ... }; // not implemented
145                auth-nxdomain boolean; // default changed
146                minimal-responses boolean;
147                recursion boolean;
148                rrset-order {
149                     [ class string ] [ type string ]
150                     [ name quoted_string ] string string; ...
151                };
152                provide-ixfr boolean;
153                request-ixfr boolean;
154                rfc2308-type1 boolean; // not yet implemented
155                additional-from-auth boolean;
156                additional-from-cache boolean;
157                query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
158                query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
159                use-queryport-pool boolean;
160                queryport-pool-ports integer;
161                queryport-pool-updateinterval integer;
162                cleaning-interval integer;
163                resolver-query-timeout integer;
164                min-roots integer; // not implemented
165                lame-ttl integer;
166                max-ncache-ttl integer;
167                max-cache-ttl integer;
168                transfer-format ( many-answers | one-answer );
169                max-cache-size size;
170                max-acache-size size;
171                clients-per-query number;
172                max-clients-per-query number;
173                check-names ( master | slave | response )
174                     ( fail | warn | ignore );
175                check-mx ( fail | warn | ignore );
176                check-integrity boolean;
177                check-mx-cname ( fail | warn | ignore );
178                check-srv-cname ( fail | warn | ignore );
179                cache-file quoted_string; // test option
180                suppress-initial-notify boolean; // not yet implemented
181                preferred-glue string;
182                dual-stack-servers [ port integer ] {
183                     ( quoted_string [port integer] |
184                     ipv4_address [port integer] |
185                     ipv6_address [port integer] ); ...
186                };
187                edns-udp-size integer;
188                max-udp-size integer;
189                root-delegation-only [ exclude { quoted_string; ... } ];
190                disable-algorithms string { string; ... };
191                dnssec-enable boolean;
192                dnssec-validation boolean;
193                dnssec-lookaside ( auto | no | domain trust-anchor domain );
194                dnssec-must-be-secure string boolean;
195                dnssec-accept-expired boolean;
196                dns64-server string;
197                dns64-contact string;
198                dns64 prefix {
199                     clients { acl; };
200                     exclude { acl; };
201                     mapped { acl; };
202                     break-dnssec boolean;
203                     recursive-only boolean;
204                     suffix ipv6_address;
205                };
206                empty-server string;
207                empty-contact string;
208                empty-zones-enable boolean;
209                disable-empty-zone string;
210                dialup dialuptype;
211                ixfr-from-differences ixfrdiff;
212                allow-query { address_match_element; ... };
213                allow-query-on { address_match_element; ... };
214                allow-query-cache { address_match_element; ... };
215                allow-query-cache-on { address_match_element; ... };
216                allow-transfer { address_match_element; ... };
217                allow-update { address_match_element; ... };
218                allow-update-forwarding { address_match_element; ... };
219                update-check-ksk boolean;
220                dnssec-dnskey-kskonly boolean;
221                masterfile-format ( text | raw );
222                notify notifytype;
223                notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
224                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
225                notify-delay seconds;
226                notify-to-soa boolean;
227                also-notify [ port integer ] { ( ipv4_address | ipv6_address )
228                     [ port integer ]; ... };
229                allow-notify { address_match_element; ... };
230                forward ( first | only );
231                forwarders [ port integer ] {
232                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
233                };
234                max-journal-size size_no_default;
235                max-transfer-time-in integer;
236                max-transfer-time-out integer;
237                max-transfer-idle-in integer;
238                max-transfer-idle-out integer;
239                max-retry-time integer;
240                min-retry-time integer;
241                max-refresh-time integer;
242                min-refresh-time integer;
243                multi-master boolean;
244                sig-validity-interval integer;
245                sig-re-signing-interval integer;
246                sig-signing-nodes integer;
247                sig-signing-signatures integer;
248                sig-signing-type integer;
249                transfer-source ( ipv4_address | * )
250                     [ port ( integer | * ) ];
251                transfer-source-v6 ( ipv6_address | * )
252                     [ port ( integer | * ) ];
253                alt-transfer-source ( ipv4_address | * )
254                     [ port ( integer | * ) ];
255                alt-transfer-source-v6 ( ipv6_address | * )
256                     [ port ( integer | * ) ];
257                use-alt-transfer-source boolean;
258                zone-statistics boolean;
259                key-directory quoted_string;
260                managed-keys-directory quoted_string;
261                auto-dnssec allow|maintain|create|off;
262                try-tcp-refresh boolean;
263                zero-no-soa-ttl boolean;
264                zero-no-soa-ttl-cache boolean;
265                dnssec-secure-to-insecure boolean;
266                deny-answer-addresses {
267                     address_match_list
268                } [ except-from { namelist } ];
269                deny-answer-aliases {
270                     namelist
271                } [ except-from { namelist } ];
272                nsec3-test-zone boolean;  // testing only
273                allow-v6-synthesis { address_match_element; ... }; // obsolete
274                deallocate-on-exit boolean; // obsolete
275                fake-iquery boolean; // obsolete
276                fetch-glue boolean; // obsolete
277                has-old-clients boolean; // obsolete
278                maintain-ixfr-base boolean; // obsolete
279                max-ixfr-log-size size; // obsolete
280                multiple-cnames boolean; // obsolete
281                named-xfer quoted_string; // obsolete
282                serial-queries integer; // obsolete
283                treat-cr-as-space boolean; // obsolete
284                use-id-pool boolean; // obsolete
285           };
286

VIEW

288           view string optional_class {
289                match-clients { address_match_element; ... };
290                match-destinations { address_match_element; ... };
291                match-recursive-only boolean;
292                key string {
293                     algorithm string;
294                     secret string;
295                };
296                zone string optional_class {
297                     ...
298                };
299                server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
300                     ...
301                };
302                trusted-keys {
303                     string integer integer integer quoted_string;
304                     [...]
305                };
306                allow-recursion { address_match_element; ... };
307                allow-recursion-on { address_match_element; ... };
308                sortlist { address_match_element; ... };
309                topology { address_match_element; ... }; // not implemented
310                auth-nxdomain boolean; // default changed
311                minimal-responses boolean;
312                recursion boolean;
313                rrset-order {
314                     [ class string ] [ type string ]
315                     [ name quoted_string ] string string; ...
316                };
317                provide-ixfr boolean;
318                request-ixfr boolean;
319                rfc2308-type1 boolean; // not yet implemented
320                additional-from-auth boolean;
321                additional-from-cache boolean;
322                query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
323                query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
324                use-queryport-pool boolean;
325                queryport-pool-ports integer;
326                queryport-pool-updateinterval integer;
327                cleaning-interval integer;
328                resolver-query-timeout integer;
329                min-roots integer; // not implemented
330                lame-ttl integer;
331                max-ncache-ttl integer;
332                max-cache-ttl integer;
333                transfer-format ( many-answers | one-answer );
334                max-cache-size size;
335                max-acache-size size;
336                clients-per-query number;
337                max-clients-per-query number;
338                check-names ( master | slave | response )
339                     ( fail | warn | ignore );
340                check-mx ( fail | warn | ignore );
341                check-integrity boolean;
342                check-mx-cname ( fail | warn | ignore );
343                check-srv-cname ( fail | warn | ignore );
344                cache-file quoted_string; // test option
345                suppress-initial-notify boolean; // not yet implemented
346                preferred-glue string;
347                dual-stack-servers [ port integer ] {
348                     ( quoted_string [port integer] |
349                     ipv4_address [port integer] |
350                     ipv6_address [port integer] ); ...
351                };
352                edns-udp-size integer;
353                max-udp-size integer;
354                root-delegation-only [ exclude { quoted_string; ... } ];
355                disable-algorithms string { string; ... };
356                dnssec-enable boolean;
357                dnssec-validation boolean;
358                dnssec-lookaside ( auto | no | domain trust-anchor domain );
359                dnssec-must-be-secure string boolean;
360                dnssec-accept-expired boolean;
361                dns64-server string;
362                dns64-contact string;
363                dns64 prefix {
364                     clients { acl; };
365                     exclude { acl; };
366                     mapped { acl; };
367                     break-dnssec boolean;
368                     recursive-only boolean;
369                     suffix ipv6_address;
370                };
371                empty-server string;
372                empty-contact string;
373                empty-zones-enable boolean;
374                disable-empty-zone string;
375                dialup dialuptype;
376                ixfr-from-differences ixfrdiff;
377                allow-query { address_match_element; ... };
378                allow-query-on { address_match_element; ... };
379                allow-query-cache { address_match_element; ... };
380                allow-query-cache-on { address_match_element; ... };
381                allow-transfer { address_match_element; ... };
382                allow-update { address_match_element; ... };
383                allow-update-forwarding { address_match_element; ... };
384                update-check-ksk boolean;
385                dnssec-dnskey-kskonly boolean;
386                masterfile-format ( text | raw );
387                notify notifytype;
388                notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
389                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
390                notify-delay seconds;
391                notify-to-soa boolean;
392                also-notify [ port integer ] { ( ipv4_address | ipv6_address )
393                     [ port integer ]; ... };
394                allow-notify { address_match_element; ... };
395                forward ( first | only );
396                forwarders [ port integer ] {
397                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
398                };
399                max-journal-size size_no_default;
400                max-transfer-time-in integer;
401                max-transfer-time-out integer;
402                max-transfer-idle-in integer;
403                max-transfer-idle-out integer;
404                max-retry-time integer;
405                min-retry-time integer;
406                max-refresh-time integer;
407                min-refresh-time integer;
408                multi-master boolean;
409                sig-validity-interval integer;
410                transfer-source ( ipv4_address | * )
411                     [ port ( integer | * ) ];
412                transfer-source-v6 ( ipv6_address | * )
413                     [ port ( integer | * ) ];
414                alt-transfer-source ( ipv4_address | * )
415                     [ port ( integer | * ) ];
416                alt-transfer-source-v6 ( ipv6_address | * )
417                     [ port ( integer | * ) ];
418                use-alt-transfer-source boolean;
419                zone-statistics boolean;
420                try-tcp-refresh boolean;
421                key-directory quoted_string;
422                zero-no-soa-ttl boolean;
423                zero-no-soa-ttl-cache boolean;
424                dnssec-secure-to-insecure boolean;
425                allow-v6-synthesis { address_match_element; ... }; // obsolete
426                fetch-glue boolean; // obsolete
427                maintain-ixfr-base boolean; // obsolete
428                max-ixfr-log-size size; // obsolete
429           };
430

ZONE

432           zone string optional_class {
433                type ( master | slave | stub | hint |
434                     forward | delegation-only );
435                file quoted_string;
436                masters [ port integer ] {
437                     ( masters |
438                     ipv4_address [port integer] |
439                     ipv6_address [ port integer ] ) [ key string ]; ...
440                };
441                database string;
442                delegation-only boolean;
443                check-names ( fail | warn | ignore );
444                check-mx ( fail | warn | ignore );
445                check-integrity boolean;
446                check-mx-cname ( fail | warn | ignore );
447                check-srv-cname ( fail | warn | ignore );
448                dialup dialuptype;
449                ixfr-from-differences boolean;
450                journal quoted_string;
451                zero-no-soa-ttl boolean;
452                dnssec-secure-to-insecure boolean;
453                allow-query { address_match_element; ... };
454                allow-query-on { address_match_element; ... };
455                allow-transfer { address_match_element; ... };
456                allow-update { address_match_element; ... };
457                allow-update-forwarding { address_match_element; ... };
458                update-policy local |  {
459                     ( grant | deny ) string
460                     ( name | subdomain | wildcard | self | selfsub | selfwild |
461                             krb5-self | ms-self | krb5-subdomain | ms-subdomain |
462                       tcp-self | zonesub | 6to4-self ) string
463                     rrtypelist;
464                     [...]
465                };
466                update-check-ksk boolean;
467                dnssec-dnskey-kskonly boolean;
468                masterfile-format ( text | raw );
469                notify notifytype;
470                notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
471                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
472                notify-delay seconds;
473                notify-to-soa boolean;
474                also-notify [ port integer ] { ( ipv4_address | ipv6_address )
475                     [ port integer ]; ... };
476                allow-notify { address_match_element; ... };
477                forward ( first | only );
478                forwarders [ port integer ] {
479                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
480                };
481                max-journal-size size_no_default;
482                max-transfer-time-in integer;
483                max-transfer-time-out integer;
484                max-transfer-idle-in integer;
485                max-transfer-idle-out integer;
486                max-retry-time integer;
487                min-retry-time integer;
488                max-refresh-time integer;
489                min-refresh-time integer;
490                multi-master boolean;
491                sig-validity-interval integer;
492                transfer-source ( ipv4_address | * )
493                     [ port ( integer | * ) ];
494                transfer-source-v6 ( ipv6_address | * )
495                     [ port ( integer | * ) ];
496                alt-transfer-source ( ipv4_address | * )
497                     [ port ( integer | * ) ];
498                alt-transfer-source-v6 ( ipv6_address | * )
499                     [ port ( integer | * ) ];
500                use-alt-transfer-source boolean;
501                zone-statistics boolean;
502                try-tcp-refresh boolean;
503                key-directory quoted_string;
504                nsec3-test-zone boolean;  // testing only
505                ixfr-base quoted_string; // obsolete
506                ixfr-tmp-file quoted_string; // obsolete
507                maintain-ixfr-base boolean; // obsolete
508                max-ixfr-log-size size; // obsolete
509                pubkey integer integer integer quoted_string; // obsolete
510           };
511

FILES

513       /etc/named.conf
514

SEE ALSO

516       named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference
517       Manual.
518
520       Copyright © 2004-2011 Internet Systems Consortium, Inc. ("ISC")
BIND9                            Aug 13, 2004                    NAMED.CONF(5)