6 named.conf - configuration file for named
7
9 named.conf
10
12 named.conf is the configuration file for named. Statements are enclosed
13 in braces and terminated with a semi-colon. Clauses in the statements
14 are also semi-colon terminated. The usual comment styles are supported:
15
16 C style: /* */
17
18 C++ style: // to end of line
19
20 Unix style: # to end of line
21
23 acl string { address_match_element; ... };
24
26 key domain_name {
27 algorithm string;
28 secret string;
29 };
30
32 masters string [ port integer ] {
33 ( masters | ipv4_address [port integer] |
34 ipv6_address [port integer] ) [ key string ]; ...
35 };
36
38 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
39 bogus boolean;
40 edns boolean;
41 edns-udp-size integer;
42 max-udp-size integer;
43 provide-ixfr boolean;
44 request-ixfr boolean;
45 keys server_key;
46 transfers integer;
47 transfer-format ( many-answers | one-answer );
48 transfer-source ( ipv4_address | * )
49 [ port ( integer | * ) ];
50 transfer-source-v6 ( ipv6_address | * )
51 [ port ( integer | * ) ];
52 support-ixfr boolean; // obsolete
53 };
54
56 trusted-keys {
57 domain_name flags protocol algorithm key; ...
58 };
59
61 managed-keys {
62 domain_name initial-key flags protocol algorithm key; ...
63 };
64
66 controls {
67 inet ( ipv4_address | ipv6_address | * )
68 [ port ( integer | * ) ]
69 allow { address_match_element; ... }
70 [ keys { string; ... } ];
71 unix unsupported; // not implemented
72 };
73
75 logging {
76 channel string {
77 file log_file;
78 syslog optional_facility;
79 null;
80 stderr;
81 severity log_severity;
82 print-time boolean;
83 print-severity boolean;
84 print-category boolean;
85 };
86 category string { string; ... };
87 };
88
90 lwres {
91 listen-on [ port integer ] {
92 ( ipv4_address | ipv6_address ) [ port integer ]; ...
93 };
94 view string optional_class;
95 search { string; ... };
96 ndots integer;
97 };
98
100 options {
101 avoid-v4-udp-ports { port; ... };
102 avoid-v6-udp-ports { port; ... };
103 blackhole { address_match_element; ... };
104 coresize size;
105 datasize size;
106 directory quoted_string;
107 dump-file quoted_string;
108 files size;
109 heartbeat-interval integer;
110 host-statistics boolean; // not implemented
111 host-statistics-max number; // not implemented
112 hostname ( quoted_string | none );
113 interface-interval integer;
114 listen-on [ port integer ] { address_match_element; ... };
115 listen-on-v6 [ port integer ] { address_match_element; ... };
116 match-mapped-addresses boolean;
117 memstatistics-file quoted_string;
118 pid-file ( quoted_string | none );
119 port integer;
120 querylog boolean;
121 recursing-file quoted_string;
122 reserved-sockets integer;
123 random-device quoted_string;
124 recursive-clients integer;
125 serial-query-rate integer;
126 server-id ( quoted_string | hostname | none );
127 stacksize size;
128 statistics-file quoted_string;
129 statistics-interval integer; // not yet implemented
130 tcp-clients integer;
131 tcp-listen-queue integer;
132 tkey-dhkey quoted_string integer;
133 tkey-gssapi-credential quoted_string;
134 tkey-gssapi-keytab quoted_string;
135 tkey-domain quoted_string;
136 transfers-per-ns integer;
137 transfers-in integer;
138 transfers-out integer;
139 use-ixfr boolean;
140 version ( quoted_string | none );
141 allow-recursion { address_match_element; ... };
142 allow-recursion-on { address_match_element; ... };
143 sortlist { address_match_element; ... };
144 topology { address_match_element; ... }; // not implemented
145 auth-nxdomain boolean; // default changed
146 minimal-responses boolean;
147 recursion boolean;
148 rrset-order {
149 [ class string ] [ type string ]
150 [ name quoted_string ] string string; ...
151 };
152 provide-ixfr boolean;
153 request-ixfr boolean;
154 rfc2308-type1 boolean; // not yet implemented
155 additional-from-auth boolean;
156 additional-from-cache boolean;
157 query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
158 query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
159 use-queryport-pool boolean;
160 queryport-pool-ports integer;
161 queryport-pool-updateinterval integer;
162 cleaning-interval integer;
163 resolver-query-timeout integer;
164 min-roots integer; // not implemented
165 lame-ttl integer;
166 max-ncache-ttl integer;
167 max-cache-ttl integer;
168 transfer-format ( many-answers | one-answer );
169 max-cache-size size;
170 max-acache-size size;
171 clients-per-query number;
172 max-clients-per-query number;
173 check-names ( master | slave | response )
174 ( fail | warn | ignore );
175 check-mx ( fail | warn | ignore );
176 check-integrity boolean;
177 check-mx-cname ( fail | warn | ignore );
178 check-srv-cname ( fail | warn | ignore );
179 cache-file quoted_string; // test option
180 suppress-initial-notify boolean; // not yet implemented
181 preferred-glue string;
182 dual-stack-servers [ port integer ] {
183 ( quoted_string [port integer] |
184 ipv4_address [port integer] |
185 ipv6_address [port integer] ); ...
186 };
187 edns-udp-size integer;
188 max-udp-size integer;
189 root-delegation-only [ exclude { quoted_string; ... } ];
190 disable-algorithms string { string; ... };
191 dnssec-enable boolean;
192 dnssec-validation boolean;
193 dnssec-lookaside ( auto | no | domain trust-anchor domain );
194 dnssec-must-be-secure string boolean;
195 dnssec-accept-expired boolean;
196 dns64-server string;
197 dns64-contact string;
198 dns64 prefix {
199 clients { acl; };
200 exclude { acl; };
201 mapped { acl; };
202 break-dnssec boolean;
203 recursive-only boolean;
204 suffix ipv6_address;
205 };
206 empty-server string;
207 empty-contact string;
208 empty-zones-enable boolean;
209 disable-empty-zone string;
210 dialup dialuptype;
211 ixfr-from-differences ixfrdiff;
212 allow-query { address_match_element; ... };
213 allow-query-on { address_match_element; ... };
214 allow-query-cache { address_match_element; ... };
215 allow-query-cache-on { address_match_element; ... };
216 allow-transfer { address_match_element; ... };
217 allow-update { address_match_element; ... };
218 allow-update-forwarding { address_match_element; ... };
219 update-check-ksk boolean;
220 dnssec-dnskey-kskonly boolean;
221 masterfile-format ( text | raw );
222 notify notifytype;
223 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
224 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
225 notify-delay seconds;
226 notify-to-soa boolean;
227 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
228 [ port integer ]; ...
229 [ key keyname ] ... };
230 allow-notify { address_match_element; ... };
231 forward ( first | only );
232 forwarders [ port integer ] {
233 ( ipv4_address | ipv6_address ) [ port integer ]; ...
234 };
235 max-journal-size size_no_default;
236 max-transfer-time-in integer;
237 max-transfer-time-out integer;
238 max-transfer-idle-in integer;
239 max-transfer-idle-out integer;
240 max-retry-time integer;
241 min-retry-time integer;
242 max-refresh-time integer;
243 min-refresh-time integer;
244 multi-master boolean;
245 sig-validity-interval integer;
246 sig-re-signing-interval integer;
247 sig-signing-nodes integer;
248 sig-signing-signatures integer;
249 sig-signing-type integer;
250 transfer-source ( ipv4_address | * )
251 [ port ( integer | * ) ];
252 transfer-source-v6 ( ipv6_address | * )
253 [ port ( integer | * ) ];
254 alt-transfer-source ( ipv4_address | * )
255 [ port ( integer | * ) ];
256 alt-transfer-source-v6 ( ipv6_address | * )
257 [ port ( integer | * ) ];
258 use-alt-transfer-source boolean;
259 zone-statistics boolean;
260 key-directory quoted_string;
261 managed-keys-directory quoted_string;
262 auto-dnssec allow|maintain|create|off;
263 try-tcp-refresh boolean;
264 zero-no-soa-ttl boolean;
265 zero-no-soa-ttl-cache boolean;
266 dnssec-secure-to-insecure boolean;
267 deny-answer-addresses {
268 address_match_list
269 } [ except-from { namelist } ];
270 deny-answer-aliases {
271 namelist
272 } [ except-from { namelist } ];
273 nsec3-test-zone boolean; // testing only
274 allow-v6-synthesis { address_match_element; ... }; // obsolete
275 deallocate-on-exit boolean; // obsolete
276 fake-iquery boolean; // obsolete
277 fetch-glue boolean; // obsolete
278 has-old-clients boolean; // obsolete
279 maintain-ixfr-base boolean; // obsolete
280 max-ixfr-log-size size; // obsolete
281 multiple-cnames boolean; // obsolete
282 named-xfer quoted_string; // obsolete
283 serial-queries integer; // obsolete
284 treat-cr-as-space boolean; // obsolete
285 use-id-pool boolean; // obsolete
286 };
287
289 view string optional_class {
290 match-clients { address_match_element; ... };
291 match-destinations { address_match_element; ... };
292 match-recursive-only boolean;
293 key string {
294 algorithm string;
295 secret string;
296 };
297 zone string optional_class {
298 ...
299 };
300 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
301 ...
302 };
303 trusted-keys {
304 string integer integer integer quoted_string;
305 [...]
306 };
307 allow-recursion { address_match_element; ... };
308 allow-recursion-on { address_match_element; ... };
309 sortlist { address_match_element; ... };
310 topology { address_match_element; ... }; // not implemented
311 auth-nxdomain boolean; // default changed
312 minimal-responses boolean;
313 recursion boolean;
314 rrset-order {
315 [ class string ] [ type string ]
316 [ name quoted_string ] string string; ...
317 };
318 provide-ixfr boolean;
319 request-ixfr boolean;
320 rfc2308-type1 boolean; // not yet implemented
321 additional-from-auth boolean;
322 additional-from-cache boolean;
323 query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
324 query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
325 use-queryport-pool boolean;
326 queryport-pool-ports integer;
327 queryport-pool-updateinterval integer;
328 cleaning-interval integer;
329 resolver-query-timeout integer;
330 min-roots integer; // not implemented
331 lame-ttl integer;
332 max-ncache-ttl integer;
333 max-cache-ttl integer;
334 transfer-format ( many-answers | one-answer );
335 max-cache-size size;
336 max-acache-size size;
337 clients-per-query number;
338 max-clients-per-query number;
339 check-names ( master | slave | response )
340 ( fail | warn | ignore );
341 check-mx ( fail | warn | ignore );
342 check-integrity boolean;
343 check-mx-cname ( fail | warn | ignore );
344 check-srv-cname ( fail | warn | ignore );
345 cache-file quoted_string; // test option
346 suppress-initial-notify boolean; // not yet implemented
347 preferred-glue string;
348 dual-stack-servers [ port integer ] {
349 ( quoted_string [port integer] |
350 ipv4_address [port integer] |
351 ipv6_address [port integer] ); ...
352 };
353 edns-udp-size integer;
354 max-udp-size integer;
355 root-delegation-only [ exclude { quoted_string; ... } ];
356 disable-algorithms string { string; ... };
357 dnssec-enable boolean;
358 dnssec-validation boolean;
359 dnssec-lookaside ( auto | no | domain trust-anchor domain );
360 dnssec-must-be-secure string boolean;
361 dnssec-accept-expired boolean;
362 dns64-server string;
363 dns64-contact string;
364 dns64 prefix {
365 clients { acl; };
366 exclude { acl; };
367 mapped { acl; };
368 break-dnssec boolean;
369 recursive-only boolean;
370 suffix ipv6_address;
371 };
372 empty-server string;
373 empty-contact string;
374 empty-zones-enable boolean;
375 disable-empty-zone string;
376 dialup dialuptype;
377 ixfr-from-differences ixfrdiff;
378 allow-query { address_match_element; ... };
379 allow-query-on { address_match_element; ... };
380 allow-query-cache { address_match_element; ... };
381 allow-query-cache-on { address_match_element; ... };
382 allow-transfer { address_match_element; ... };
383 allow-update { address_match_element; ... };
384 allow-update-forwarding { address_match_element; ... };
385 update-check-ksk boolean;
386 dnssec-dnskey-kskonly boolean;
387 masterfile-format ( text | raw );
388 notify notifytype;
389 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
390 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
391 notify-delay seconds;
392 notify-to-soa boolean;
393 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
394 [ port integer ]; ...
395 [ key keyname ] ... };
396 allow-notify { address_match_element; ... };
397 forward ( first | only );
398 forwarders [ port integer ] {
399 ( ipv4_address | ipv6_address ) [ port integer ]; ...
400 };
401 max-journal-size size_no_default;
402 max-transfer-time-in integer;
403 max-transfer-time-out integer;
404 max-transfer-idle-in integer;
405 max-transfer-idle-out integer;
406 max-retry-time integer;
407 min-retry-time integer;
408 max-refresh-time integer;
409 min-refresh-time integer;
410 multi-master boolean;
411 sig-validity-interval integer;
412 transfer-source ( ipv4_address | * )
413 [ port ( integer | * ) ];
414 transfer-source-v6 ( ipv6_address | * )
415 [ port ( integer | * ) ];
416 alt-transfer-source ( ipv4_address | * )
417 [ port ( integer | * ) ];
418 alt-transfer-source-v6 ( ipv6_address | * )
419 [ port ( integer | * ) ];
420 use-alt-transfer-source boolean;
421 zone-statistics boolean;
422 try-tcp-refresh boolean;
423 key-directory quoted_string;
424 zero-no-soa-ttl boolean;
425 zero-no-soa-ttl-cache boolean;
426 dnssec-secure-to-insecure boolean;
427 allow-v6-synthesis { address_match_element; ... }; // obsolete
428 fetch-glue boolean; // obsolete
429 maintain-ixfr-base boolean; // obsolete
430 max-ixfr-log-size size; // obsolete
431 };
432
434 zone string optional_class {
435 type ( master | slave | stub | hint | redirect |
436 forward | delegation-only );
437 file quoted_string;
438 masters [ port integer ] {
439 ( masters |
440 ipv4_address [port integer] |
441 ipv6_address [ port integer ] ) [ key string ]; ...
442 };
443 database string;
444 delegation-only boolean;
445 check-names ( fail | warn | ignore );
446 check-mx ( fail | warn | ignore );
447 check-integrity boolean;
448 check-mx-cname ( fail | warn | ignore );
449 check-srv-cname ( fail | warn | ignore );
450 dialup dialuptype;
451 ixfr-from-differences boolean;
452 journal quoted_string;
453 zero-no-soa-ttl boolean;
454 dnssec-secure-to-insecure boolean;
455 allow-query { address_match_element; ... };
456 allow-query-on { address_match_element; ... };
457 allow-transfer { address_match_element; ... };
458 allow-update { address_match_element; ... };
459 allow-update-forwarding { address_match_element; ... };
460 update-policy local | {
461 ( grant | deny ) string
462 ( name | subdomain | wildcard | self | selfsub | selfwild |
463 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
464 tcp-self | zonesub | 6to4-self ) string
465 rrtypelist;
466 [...]
467 };
468 update-check-ksk boolean;
469 dnssec-dnskey-kskonly boolean;
470 masterfile-format ( text | raw );
471 notify notifytype;
472 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
473 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
474 notify-delay seconds;
475 notify-to-soa boolean;
476 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
477 [ port integer ]; ...
478 [ key keyname ] ... };
479 allow-notify { address_match_element; ... };
480 forward ( first | only );
481 forwarders [ port integer ] {
482 ( ipv4_address | ipv6_address ) [ port integer ]; ...
483 };
484 max-journal-size size_no_default;
485 max-transfer-time-in integer;
486 max-transfer-time-out integer;
487 max-transfer-idle-in integer;
488 max-transfer-idle-out integer;
489 max-retry-time integer;
490 min-retry-time integer;
491 max-refresh-time integer;
492 min-refresh-time integer;
493 multi-master boolean;
494 request-ixfr boolean;
495 sig-validity-interval integer;
496 transfer-source ( ipv4_address | * )
497 [ port ( integer | * ) ];
498 transfer-source-v6 ( ipv6_address | * )
499 [ port ( integer | * ) ];
500 alt-transfer-source ( ipv4_address | * )
501 [ port ( integer | * ) ];
502 alt-transfer-source-v6 ( ipv6_address | * )
503 [ port ( integer | * ) ];
504 use-alt-transfer-source boolean;
505 zone-statistics boolean;
506 try-tcp-refresh boolean;
507 key-directory quoted_string;
508 nsec3-test-zone boolean; // testing only
509 ixfr-base quoted_string; // obsolete
510 ixfr-tmp-file quoted_string; // obsolete
511 maintain-ixfr-base boolean; // obsolete
512 max-ixfr-log-size size; // obsolete
513 pubkey integer integer integer quoted_string; // obsolete
514 };
515
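517 /etc/named.conf (when key statements are used, this file holds their secret values in plain text, so read access should be limited to the account that runs named)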
518
520 named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference
521 Manual.
522
524 Copyright © 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
528 BIND9 Aug 13, 2004 NAMED.CONF(5)