6 named.conf - configuration file for named
7
9 named.conf
10
12 named.conf is the configuration file for named. Statements are enclosed
13 in braces and terminated with a semi-colon. Clauses in the statements
14 are also semi-colon terminated. The usual comment styles are supported:
15
16 C style: /* */
17
18 C++ style: // to end of line
19
20 Unix style: # to end of line
21
23 acl string { address_match_element; ... };
24
26 key domain_name {
27 algorithm string;
28 secret string;
29 };
30
32 masters string [ port integer ] {
33 ( masters | ipv4_address [port integer] |
34 ipv6_address [port integer] ) [ key string ]; ...
35 };
36
38 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
39 bogus boolean;
40 edns boolean;
41 edns-udp-size integer;
42 max-udp-size integer;
43 provide-ixfr boolean;
44 request-ixfr boolean;
45 keys server_key;
46 transfers integer;
47 transfer-format ( many-answers | one-answer );
48 transfer-source ( ipv4_address | * )
49 [ port ( integer | * ) ];
50 transfer-source-v6 ( ipv6_address | * )
51 [ port ( integer | * ) ];
52 support-ixfr boolean; // obsolete
53 };
54
56 trusted-keys {
57 domain_name flags protocol algorithm key; ...
58 };
59
61 managed-keys {
62 domain_name initial-key flags protocol algorithm key; ...
63 };
64
66 controls {
67 inet ( ipv4_address | ipv6_address | * )
68 [ port ( integer | * ) ]
69 allow { address_match_element; ... }
70 [ keys { string; ... } ];
71 unix unsupported; // not implemented
72 };
73
75 logging {
76 channel string {
77 file log_file;
78 syslog optional_facility;
79 null;
80 stderr;
81 severity log_severity;
82 print-time boolean;
83 print-severity boolean;
84 print-category boolean;
85 };
86 category string { string; ... };
87 };
88
90 lwres {
91 listen-on [ port integer ] {
92 ( ipv4_address | ipv6_address ) [ port integer ]; ...
93 };
94 view string optional_class;
95 search { string; ... };
96 ndots integer;
97 };
98
100 options {
101 avoid-v4-udp-ports { port; ... };
102 avoid-v6-udp-ports { port; ... };
103 blackhole { address_match_element; ... };
104 coresize size;
105 datasize size;
106 directory quoted_string;
107 dump-file quoted_string;
108 files size;
109 heartbeat-interval integer;
110 host-statistics boolean; // not implemented
111 host-statistics-max number; // not implemented
112 hostname ( quoted_string | none );
113 interface-interval integer;
114 listen-on [ port integer ] { address_match_element; ... };
115 listen-on-v6 [ port integer ] { address_match_element; ... };
116 match-mapped-addresses boolean;
117 memstatistics-file quoted_string;
118 pid-file ( quoted_string | none );
119 port integer;
120 querylog boolean;
121 recursing-file quoted_string;
122 reserved-sockets integer;
123 random-device quoted_string;
124 recursive-clients integer;
125 serial-query-rate integer;
126 server-id ( quoted_string | none | hostname );
127 stacksize size;
128 statistics-file quoted_string;
129 statistics-interval integer; // not yet implemented
130 tcp-clients integer;
131 tcp-listen-queue integer;
132 tkey-dhkey quoted_string integer;
133 tkey-gssapi-credential quoted_string;
134 tkey-domain quoted_string;
135 transfers-per-ns integer;
136 transfers-in integer;
137 transfers-out integer;
138 use-ixfr boolean;
139 version ( quoted_string | none );
140 allow-recursion { address_match_element; ... };
141 allow-recursion-on { address_match_element; ... };
142 sortlist { address_match_element; ... };
143 topology { address_match_element; ... }; // not implemented
144 auth-nxdomain boolean; // default changed
145 minimal-responses boolean;
146 recursion boolean;
147 rrset-order {
148 [ class string ] [ type string ]
149 [ name quoted_string ] string string; ...
150 };
151 provide-ixfr boolean;
152 request-ixfr boolean;
153 rfc2308-type1 boolean; // not yet implemented
154 additional-from-auth boolean;
155 additional-from-cache boolean;
156 query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
157 query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
158 use-queryport-pool boolean;
159 queryport-pool-ports integer;
160 queryport-pool-updateinterval integer;
161 cleaning-interval integer;
162 min-roots integer; // not implemented
163 lame-ttl integer;
164 max-ncache-ttl integer;
165 max-cache-ttl integer;
166 transfer-format ( many-answers | one-answer );
167 max-cache-size size;
168 max-acache-size size;
169 clients-per-query number;
170 max-clients-per-query number;
171 check-names ( master | slave | response )
172 ( fail | warn | ignore );
173 check-mx ( fail | warn | ignore );
174 check-integrity boolean;
175 check-mx-cname ( fail | warn | ignore );
176 check-srv-cname ( fail | warn | ignore );
177 cache-file quoted_string; // test option
178 suppress-initial-notify boolean; // not yet implemented
179 preferred-glue string;
180 dual-stack-servers [ port integer ] {
181 ( quoted_string [port integer] |
182 ipv4_address [port integer] |
183 ipv6_address [port integer] ); ...
184 };
185 edns-udp-size integer;
186 max-udp-size integer;
187 root-delegation-only [ exclude { quoted_string; ... } ];
188 disable-algorithms string { string; ... };
189 dnssec-enable boolean;
190 dnssec-validation boolean;
191 dnssec-lookaside string trust-anchor string;
192 dnssec-lookaside ( auto | domain trust-anchor domain );
193 dnssec-must-be-secure string boolean;
194 dnssec-accept-expired boolean;
195 empty-server string;
196 empty-contact string;
197 empty-zones-enable boolean;
198 disable-empty-zone string;
199 dialup dialuptype;
200 ixfr-from-differences ixfrdiff;
201 allow-query { address_match_element; ... };
202 allow-query-on { address_match_element; ... };
203 allow-query-cache { address_match_element; ... };
204 allow-query-cache-on { address_match_element; ... };
205 allow-transfer { address_match_element; ... };
206 allow-update { address_match_element; ... };
207 allow-update-forwarding { address_match_element; ... };
208 update-check-ksk boolean;
209 dnssec-dnskey-kskonly boolean;
210 masterfile-format ( text | raw );
211 notify notifytype;
212 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
213 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
214 notify-delay seconds;
215 notify-to-soa boolean;
216 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
217 [ port integer ]; ... };
218 allow-notify { address_match_element; ... };
219 forward ( first | only );
220 forwarders [ port integer ] {
221 ( ipv4_address | ipv6_address ) [ port integer ]; ...
222 };
223 max-journal-size size_no_default;
224 max-transfer-time-in integer;
225 max-transfer-time-out integer;
226 max-transfer-idle-in integer;
227 max-transfer-idle-out integer;
228 max-retry-time integer;
229 min-retry-time integer;
230 max-refresh-time integer;
231 min-refresh-time integer;
232 multi-master boolean;
233 sig-validity-interval integer;
234 sig-re-signing-interval integer;
235 sig-signing-nodes integer;
236 sig-signing-signatures integer;
237 sig-signing-type integer;
238 transfer-source ( ipv4_address | * )
239 [ port ( integer | * ) ];
240 transfer-source-v6 ( ipv6_address | * )
241 [ port ( integer | * ) ];
242 alt-transfer-source ( ipv4_address | * )
243 [ port ( integer | * ) ];
244 alt-transfer-source-v6 ( ipv6_address | * )
245 [ port ( integer | * ) ];
246 use-alt-transfer-source boolean;
247 zone-statistics boolean;
248 key-directory quoted_string;
249 managed-keys-directory quoted_string;
250 auto-dnssec allow|maintain|create|off;
251 try-tcp-refresh boolean;
252 zero-no-soa-ttl boolean;
253 zero-no-soa-ttl-cache boolean;
254 dnssec-secure-to-insecure boolean;
255 deny-answer-addresses {
256 address_match_list
257 } [ except-from { namelist } ];
258 deny-answer-aliases {
259 namelist
260 } [ except-from { namelist } ];
261 nsec3-test-zone boolean; // testing only
262 allow-v6-synthesis { address_match_element; ... }; // obsolete
263 deallocate-on-exit boolean; // obsolete
264 fake-iquery boolean; // obsolete
265 fetch-glue boolean; // obsolete
266 has-old-clients boolean; // obsolete
267 maintain-ixfr-base boolean; // obsolete
268 max-ixfr-log-size size; // obsolete
269 multiple-cnames boolean; // obsolete
270 named-xfer quoted_string; // obsolete
271 serial-queries integer; // obsolete
272 treat-cr-as-space boolean; // obsolete
273 use-id-pool boolean; // obsolete
274 };
275
277 view string optional_class {
278 match-clients { address_match_element; ... };
279 match-destinations { address_match_element; ... };
280 match-recursive-only boolean;
281 key string {
282 algorithm string;
283 secret string;
284 };
285 zone string optional_class {
286 ...
287 };
288 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
289 ...
290 };
291 trusted-keys {
292 string integer integer integer quoted_string;
293 [...]
294 };
295 allow-recursion { address_match_element; ... };
296 allow-recursion-on { address_match_element; ... };
297 sortlist { address_match_element; ... };
298 topology { address_match_element; ... }; // not implemented
299 auth-nxdomain boolean; // default changed
300 minimal-responses boolean;
301 recursion boolean;
302 rrset-order {
303 [ class string ] [ type string ]
304 [ name quoted_string ] string string; ...
305 };
306 provide-ixfr boolean;
307 request-ixfr boolean;
308 rfc2308-type1 boolean; // not yet implemented
309 additional-from-auth boolean;
310 additional-from-cache boolean;
311 query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
312 query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
313 use-queryport-pool boolean;
314 queryport-pool-ports integer;
315 queryport-pool-updateinterval integer;
316 cleaning-interval integer;
317 min-roots integer; // not implemented
318 lame-ttl integer;
319 max-ncache-ttl integer;
320 max-cache-ttl integer;
321 transfer-format ( many-answers | one-answer );
322 max-cache-size size;
323 max-acache-size size;
324 clients-per-query number;
325 max-clients-per-query number;
326 check-names ( master | slave | response )
327 ( fail | warn | ignore );
328 check-mx ( fail | warn | ignore );
329 check-integrity boolean;
330 check-mx-cname ( fail | warn | ignore );
331 check-srv-cname ( fail | warn | ignore );
332 cache-file quoted_string; // test option
333 suppress-initial-notify boolean; // not yet implemented
334 preferred-glue string;
335 dual-stack-servers [ port integer ] {
336 ( quoted_string [port integer] |
337 ipv4_address [port integer] |
338 ipv6_address [port integer] ); ...
339 };
340 edns-udp-size integer;
341 max-udp-size integer;
342 root-delegation-only [ exclude { quoted_string; ... } ];
343 disable-algorithms string { string; ... };
344 dnssec-enable boolean;
345 dnssec-validation boolean;
346 dnssec-lookaside string trust-anchor string;
347 dnssec-must-be-secure string boolean;
348 dnssec-accept-expired boolean;
349 empty-server string;
350 empty-contact string;
351 empty-zones-enable boolean;
352 disable-empty-zone string;
353 dialup dialuptype;
354 ixfr-from-differences ixfrdiff;
355 allow-query { address_match_element; ... };
356 allow-query-on { address_match_element; ... };
357 allow-query-cache { address_match_element; ... };
358 allow-query-cache-on { address_match_element; ... };
359 allow-transfer { address_match_element; ... };
360 allow-update { address_match_element; ... };
361 allow-update-forwarding { address_match_element; ... };
362 update-check-ksk boolean;
363 dnssec-dnskey-kskonly boolean;
364 masterfile-format ( text | raw );
365 notify notifytype;
366 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
367 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
368 notify-delay seconds;
369 notify-to-soa boolean;
370 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
371 [ port integer ]; ... };
372 allow-notify { address_match_element; ... };
373 forward ( first | only );
374 forwarders [ port integer ] {
375 ( ipv4_address | ipv6_address ) [ port integer ]; ...
376 };
377 max-journal-size size_no_default;
378 max-transfer-time-in integer;
379 max-transfer-time-out integer;
380 max-transfer-idle-in integer;
381 max-transfer-idle-out integer;
382 max-retry-time integer;
383 min-retry-time integer;
384 max-refresh-time integer;
385 min-refresh-time integer;
386 multi-master boolean;
387 sig-validity-interval integer;
388 transfer-source ( ipv4_address | * )
389 [ port ( integer | * ) ];
390 transfer-source-v6 ( ipv6_address | * )
391 [ port ( integer | * ) ];
392 alt-transfer-source ( ipv4_address | * )
393 [ port ( integer | * ) ];
394 alt-transfer-source-v6 ( ipv6_address | * )
395 [ port ( integer | * ) ];
396 use-alt-transfer-source boolean;
397 zone-statistics boolean;
398 try-tcp-refresh boolean;
399 key-directory quoted_string;
400 zero-no-soa-ttl boolean;
401 zero-no-soa-ttl-cache boolean;
402 dnssec-secure-to-insecure boolean;
403 allow-v6-synthesis { address_match_element; ... }; // obsolete
404 fetch-glue boolean; // obsolete
405 maintain-ixfr-base boolean; // obsolete
406 max-ixfr-log-size size; // obsolete
407 };
408
410 zone string optional_class {
411 type ( master | slave | stub | hint |
412 forward | delegation-only );
413 file quoted_string;
414 masters [ port integer ] {
415 ( masters |
416 ipv4_address [port integer] |
417 ipv6_address [ port integer ] ) [ key string ]; ...
418 };
419 database string;
420 delegation-only boolean;
421 check-names ( fail | warn | ignore );
422 check-mx ( fail | warn | ignore );
423 check-integrity boolean;
424 check-mx-cname ( fail | warn | ignore );
425 check-srv-cname ( fail | warn | ignore );
426 dialup dialuptype;
427 ixfr-from-differences boolean;
428 journal quoted_string;
429 zero-no-soa-ttl boolean;
430 dnssec-secure-to-insecure boolean;
431 allow-query { address_match_element; ... };
432 allow-query-on { address_match_element; ... };
433 allow-transfer { address_match_element; ... };
434 allow-update { address_match_element; ... };
435 allow-update-forwarding { address_match_element; ... };
436 update-policy local | {
437 ( grant | deny ) string
438 ( name | subdomain | wildcard | self | selfsub | selfwild |
439 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
440 tcp-self | zonesub | 6to4-self ) string
441 rrtypelist;
442 [...]
443 };
444 update-check-ksk boolean;
445 dnssec-dnskey-kskonly boolean;
446 masterfile-format ( text | raw );
447 notify notifytype;
448 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
449 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
450 notify-delay seconds;
451 notify-to-soa boolean;
452 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
453 [ port integer ]; ... };
454 allow-notify { address_match_element; ... };
455 forward ( first | only );
456 forwarders [ port integer ] {
457 ( ipv4_address | ipv6_address ) [ port integer ]; ...
458 };
459 max-journal-size size_no_default;
460 max-transfer-time-in integer;
461 max-transfer-time-out integer;
462 max-transfer-idle-in integer;
463 max-transfer-idle-out integer;
464 max-retry-time integer;
465 min-retry-time integer;
466 max-refresh-time integer;
467 min-refresh-time integer;
468 multi-master boolean;
469 sig-validity-interval integer;
470 transfer-source ( ipv4_address | * )
471 [ port ( integer | * ) ];
472 transfer-source-v6 ( ipv6_address | * )
473 [ port ( integer | * ) ];
474 alt-transfer-source ( ipv4_address | * )
475 [ port ( integer | * ) ];
476 alt-transfer-source-v6 ( ipv6_address | * )
477 [ port ( integer | * ) ];
478 use-alt-transfer-source boolean;
479 zone-statistics boolean;
480 try-tcp-refresh boolean;
481 key-directory quoted_string;
482 nsec3-test-zone boolean; // testing only
483 ixfr-base quoted_string; // obsolete
484 ixfr-tmp-file quoted_string; // obsolete
485 maintain-ixfr-base boolean; // obsolete
486 max-ixfr-log-size size; // obsolete
487 pubkey integer integer integer quoted_string; // obsolete
488 };
489
491 /etc/named.conf
492
494 named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference
495 Manual.
496
498 Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC")
502 BIND9 Aug 13, 2004 NAMED.CONF(5)