1NAMED.CONF(5) BIND 9 NAMED.CONF(5)
2
3
4
6 named.conf - configuration file for **named**
7
9 named.conf
10
12 named.conf is the configuration file for named. Statements are enclosed
13 in braces and terminated with a semi-colon. Clauses in the statements
14 are also semi-colon terminated. The usual comment styles are sup‐
15 ported:
16
17 C style: /* */
18 C++ style: // to end of line
19
20 Unix style: # to end of line
21
22 ACL
23 acl string { address_match_element; ... };
24
25 CONTROLS
26 controls {
27 inet ( ipv4_address | ipv6_address |
28 * ) [ port ( integer | * ) ] allow
29 { address_match_element; ... } [
30 keys { string; ... } ] [ read-only
31 boolean ];
32 unix quoted_string perm integer
33 owner integer group integer [
34 keys { string; ... } ] [ read-only
35 boolean ];
36 };
37
38 DLZ
39 dlz string {
40 database string;
41 search boolean;
42 };
43
44 DNSSEC-POLICY
45 dnssec-policy string {
46 dnskey-ttl duration;
47 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
48 duration_or_unlimited algorithm string [ integer ]; ... };
49 max-zone-ttl duration;
50 nsec3param [ iterations integer ] [ optout boolean ] [
51 salt-length integer ];
52 parent-ds-ttl duration;
53 parent-propagation-delay duration;
54 publish-safety duration;
55 purge-keys duration;
56 retire-safety duration;
57 signatures-refresh duration;
58 signatures-validity duration;
59 signatures-validity-dnskey duration;
60 zone-propagation-delay duration;
61 };
62
63 DYNDB
64 dyndb string quoted_string {
65 unspecified-text };
66
67 KEY
68 key string {
69 algorithm string;
70 secret string;
71 };
72
73 LOGGING
74 logging {
75 category string { string; ... };
76 channel string {
77 buffered boolean;
78 file quoted_string [ versions ( unlimited | integer ) ]
79 [ size size ] [ suffix ( increment | timestamp ) ];
80 null;
81 print-category boolean;
82 print-severity boolean;
83 print-time ( iso8601 | iso8601-utc | local | boolean );
84 severity log_severity;
85 stderr;
86 syslog [ syslog_facility ];
87 };
88 };
89
90 MANAGED-KEYS
91 See DNSSEC-KEYS.
92
93 managed-keys { string ( static-key
94 | initial-key | static-ds |
95 initial-ds ) integer integer
96 integer quoted_string; ... };, deprecated
97
98 MASTERS
99 masters string [ port integer ] [ dscp
100 integer ] { ( remote-servers |
101 ipv4_address [ port integer ] |
102 ipv6_address [ port integer ] ) [ key
103 string ]; ... };
104
105 OPTIONS
106 options {
107 allow-new-zones boolean;
108 allow-notify { address_match_element; ... };
109 allow-query { address_match_element; ... };
110 allow-query-cache { address_match_element; ... };
111 allow-query-cache-on { address_match_element; ... };
112 allow-query-on { address_match_element; ... };
113 allow-recursion { address_match_element; ... };
114 allow-recursion-on { address_match_element; ... };
115 allow-transfer { address_match_element; ... };
116 allow-update { address_match_element; ... };
117 allow-update-forwarding { address_match_element; ... };
118 also-notify [ port integer ] [ dscp integer ] { (
119 remote-servers | ipv4_address [ port integer ] |
120 ipv6_address [ port integer ] ) [ key string ]; ... };
121 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
122 ] [ dscp integer ];
123 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
124 * ) ] [ dscp integer ];
125 answer-cookie boolean;
126 attach-cache string;
127 auth-nxdomain boolean; // default changed
128 auto-dnssec ( allow | maintain | off );
129 automatic-interface-scan boolean;
130 avoid-v4-udp-ports { portrange; ... };
131 avoid-v6-udp-ports { portrange; ... };
132 bindkeys-file quoted_string;
133 blackhole { address_match_element; ... };
134 cache-file quoted_string;// deprecated
135 catalog-zones { zone string [ default-masters [ port integer ]
136 [ dscp integer ] { ( remote-servers | ipv4_address [ port
137 integer ] | ipv6_address [ port integer ] ) [ key
138 string ]; ... } ] [ zone-directory quoted_string ] [
139 in-memory boolean ] [ min-update-interval duration ]; ... };
140 check-dup-records ( fail | warn | ignore );
141 check-integrity boolean;
142 check-mx ( fail | warn | ignore );
143 check-mx-cname ( fail | warn | ignore );
144 check-names ( primary | master |
145 secondary | slave | response ) (
146 fail | warn | ignore );
147 check-sibling boolean;
148 check-spf ( warn | ignore );
149 check-srv-cname ( fail | warn | ignore );
150 check-wildcard boolean;
151 clients-per-query integer;
152 cookie-algorithm ( aes | siphash24 );
153 cookie-secret string;
154 coresize ( default | unlimited | sizeval );
155 datasize ( default | unlimited | sizeval );
156 deny-answer-addresses { address_match_element; ... } [
157 except-from { string; ... } ];
158 deny-answer-aliases { string; ... } [ except-from { string; ...
159 } ];
160 dialup ( notify | notify-passive | passive | refresh | boolean );
161 directory quoted_string;
162 disable-algorithms string { string;
163 ... };
164 disable-ds-digests string { string;
165 ... };
166 disable-empty-zone string;
167 dns64 netprefix {
168 break-dnssec boolean;
169 clients { address_match_element; ... };
170 exclude { address_match_element; ... };
171 mapped { address_match_element; ... };
172 recursive-only boolean;
173 suffix ipv6_address;
174 };
175 dns64-contact string;
176 dns64-server string;
177 dnskey-sig-validity integer;
178 dnsrps-enable boolean;
179 dnsrps-options { unspecified-text };
180 dnssec-accept-expired boolean;
181 dnssec-dnskey-kskonly boolean;
182 dnssec-loadkeys-interval integer;
183 dnssec-must-be-secure string boolean;
184 dnssec-policy string;
185 dnssec-secure-to-insecure boolean;
186 dnssec-update-mode ( maintain | no-resign );
187 dnssec-validation ( yes | no | auto );
188 dnstap { ( all | auth | client | forwarder | resolver | update ) [
189 ( query | response ) ]; ... };
190 dnstap-identity ( quoted_string | none | hostname );
191 dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
192 size ) ] [ versions ( unlimited | integer ) ] [ suffix (
193 increment | timestamp ) ];
194 dnstap-version ( quoted_string | none );
195 dscp integer;
196 dual-stack-servers [ port integer ] { ( quoted_string [ port
197 integer ] [ dscp integer ] | ipv4_address [ port
198 integer ] [ dscp integer ] | ipv6_address [ port
199 integer ] [ dscp integer ] ); ... };
200 dump-file quoted_string;
201 edns-udp-size integer;
202 empty-contact string;
203 empty-server string;
204 empty-zones-enable boolean;
205 fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
206 fetches-per-server integer [ ( drop | fail ) ];
207 fetches-per-zone integer [ ( drop | fail ) ];
208 files ( default | unlimited | sizeval );
209 flush-zones-on-shutdown boolean;
210 forward ( first | only );
211 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
212 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
213 fstrm-set-buffer-hint integer;
214 fstrm-set-flush-timeout integer;
215 fstrm-set-input-queue-size integer;
216 fstrm-set-output-notify-threshold integer;
217 fstrm-set-output-queue-model ( mpsc | spsc );
218 fstrm-set-output-queue-size integer;
219 fstrm-set-reopen-interval duration;
220 geoip-directory ( quoted_string | none );
221 glue-cache boolean;
222 heartbeat-interval integer;
223 hostname ( quoted_string | none );
224 interface-interval duration;
225 ixfr-from-differences ( primary | master | secondary | slave |
226 boolean );
227 keep-response-order { address_match_element; ... };
228 key-directory quoted_string;
229 lame-ttl duration;
230 listen-on [ port integer ] [ dscp
231 integer ] {
232 address_match_element; ... };
233 listen-on-v6 [ port integer ] [ dscp
234 integer ] {
235 address_match_element; ... };
236 lmdb-mapsize sizeval;
237 lock-file ( quoted_string | none );
238 managed-keys-directory quoted_string;
239 masterfile-format ( map | raw | text );
240 masterfile-style ( full | relative );
241 match-mapped-addresses boolean;
242 max-cache-size ( default | unlimited | sizeval | percentage );
243 max-cache-ttl duration;
244 max-clients-per-query integer;
245 max-ixfr-ratio ( unlimited | percentage );
246 max-journal-size ( default | unlimited | sizeval );
247 max-ncache-ttl duration;
248 max-records integer;
249 max-recursion-depth integer;
250 max-recursion-queries integer;
251 max-refresh-time integer;
252 max-retry-time integer;
253 max-rsa-exponent-size integer;
254 max-stale-ttl duration;
255 max-transfer-idle-in integer;
256 max-transfer-idle-out integer;
257 max-transfer-time-in integer;
258 max-transfer-time-out integer;
259 max-udp-size integer;
260 max-zone-ttl ( unlimited | duration );
261 memstatistics boolean;
262 memstatistics-file quoted_string;
263 message-compression boolean;
264 min-cache-ttl duration;
265 min-ncache-ttl duration;
266 min-refresh-time integer;
267 min-retry-time integer;
268 minimal-any boolean;
269 minimal-responses ( no-auth | no-auth-recursive | boolean );
270 multi-master boolean;
271 new-zones-directory quoted_string;
272 no-case-compress { address_match_element; ... };
273 nocookie-udp-size integer;
274 notify ( explicit | master-only | primary-only | boolean );
275 notify-delay integer;
276 notify-rate integer;
277 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
278 dscp integer ];
279 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
280 [ dscp integer ];
281 notify-to-soa boolean;
282 nta-lifetime duration;
283 nta-recheck duration;
284 nxdomain-redirect string;
285 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
286 dscp integer ];
287 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
288 ] [ dscp integer ];
289 pid-file ( quoted_string | none );
290 port integer;
291 preferred-glue string;
292 prefetch integer [ integer ];
293 provide-ixfr boolean;
294 qname-minimization ( strict | relaxed | disabled | off );
295 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
296 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
297 port ( integer | * ) ) ) [ dscp integer ];
298 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
299 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
300 port ( integer | * ) ) ) [ dscp integer ];
301 querylog boolean;
302 random-device ( quoted_string | none );
303 rate-limit {
304 all-per-second integer;
305 errors-per-second integer;
306 exempt-clients { address_match_element; ... };
307 ipv4-prefix-length integer;
308 ipv6-prefix-length integer;
309 log-only boolean;
310 max-table-size integer;
311 min-table-size integer;
312 nodata-per-second integer;
313 nxdomains-per-second integer;
314 qps-scale integer;
315 referrals-per-second integer;
316 responses-per-second integer;
317 slip integer;
318 window integer;
319 };
320 recursing-file quoted_string;
321 recursion boolean;
322 recursive-clients integer;
323 request-expire boolean;
324 request-ixfr boolean;
325 request-nsid boolean;
326 require-server-cookie boolean;
327 reserved-sockets integer;
328 resolver-nonbackoff-tries integer;
329 resolver-query-timeout integer;
330 resolver-retry-interval integer;
331 response-padding { address_match_element; ... } block-size
332 integer;
333 response-policy { zone string [ add-soa boolean ] [ log
334 boolean ] [ max-policy-ttl duration ] [ min-update-interval
335 duration ] [ policy ( cname | disabled | drop | given | no-op
336 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
337 recursive-only boolean ] [ nsip-enable boolean ] [
338 nsdname-enable boolean ]; ... } [ add-soa boolean ] [
339 break-dnssec boolean ] [ max-policy-ttl duration ] [
340 min-update-interval duration ] [ min-ns-dots integer ] [
341 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
342 [ recursive-only boolean ] [ nsip-enable boolean ] [
343 nsdname-enable boolean ] [ dnsrps-enable boolean ] [
344 dnsrps-options { unspecified-text } ];
345 root-delegation-only [ exclude { string; ... } ];
346 root-key-sentinel boolean;
347 rrset-order { [ class string ] [ type string ] [ name
348 quoted_string ] string string; ... };
349 secroots-file quoted_string;
350 send-cookie boolean;
351 serial-query-rate integer;
352 serial-update-method ( date | increment | unixtime );
353 server-id ( quoted_string | none | hostname );
354 servfail-ttl duration;
355 session-keyalg string;
356 session-keyfile ( quoted_string | none );
357 session-keyname string;
358 sig-signing-nodes integer;
359 sig-signing-signatures integer;
360 sig-signing-type integer;
361 sig-validity-interval integer [ integer ];
362 sortlist { address_match_element; ... };
363 stacksize ( default | unlimited | sizeval );
364 stale-answer-client-timeout ( disabled | off | integer );
365 stale-answer-enable boolean;
366 stale-answer-ttl duration;
367 stale-cache-enable boolean;
368 stale-refresh-time duration;
369 startup-notify-rate integer;
370 statistics-file quoted_string;
371 synth-from-dnssec boolean;
372 tcp-advertised-timeout integer;
373 tcp-clients integer;
374 tcp-idle-timeout integer;
375 tcp-initial-timeout integer;
376 tcp-keepalive-timeout integer;
377 tcp-listen-queue integer;
378 tkey-dhkey quoted_string integer;
379 tkey-domain quoted_string;
380 tkey-gssapi-credential quoted_string;
381 tkey-gssapi-keytab quoted_string;
382 transfer-format ( many-answers | one-answer );
383 transfer-message-size integer;
384 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
385 dscp integer ];
386 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
387 ] [ dscp integer ];
388 transfers-in integer;
389 transfers-out integer;
390 transfers-per-ns integer;
391 trust-anchor-telemetry boolean; // experimental
392 try-tcp-refresh boolean;
393 update-check-ksk boolean;
394 use-alt-transfer-source boolean;
395 use-v4-udp-ports { portrange; ... };
396 use-v6-udp-ports { portrange; ... };
397 v6-bias integer;
398 validate-except { string; ... };
399 version ( quoted_string | none );
400 zero-no-soa-ttl boolean;
401 zero-no-soa-ttl-cache boolean;
402 zone-statistics ( full | terse | none | boolean );
403 };
404
405 PARENTAL-AGENTS
406 parental-agents string [ port integer ] [
407 dscp integer ] { ( remote-servers |
408 ipv4_address [ port integer ] |
409 ipv6_address [ port integer ] ) [ key
410 string ]; ... };
411
412 PLUGIN
413 plugin ( query ) string [ { unspecified-text
414 } ];
415
416 PRIMARIES
417 primaries string [ port integer ] [ dscp
418 integer ] { ( remote-servers |
419 ipv4_address [ port integer ] |
420 ipv6_address [ port integer ] ) [ key
421 string ]; ... };
422
423 SERVER
424 server netprefix {
425 bogus boolean;
426 edns boolean;
427 edns-udp-size integer;
428 edns-version integer;
429 keys server_key;
430 max-udp-size integer;
431 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
432 dscp integer ];
433 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
434 [ dscp integer ];
435 padding integer;
436 provide-ixfr boolean;
437 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
438 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
439 port ( integer | * ) ) ) [ dscp integer ];
440 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
441 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
442 port ( integer | * ) ) ) [ dscp integer ];
443 request-expire boolean;
444 request-ixfr boolean;
445 request-nsid boolean;
446 send-cookie boolean;
447 tcp-keepalive boolean;
448 tcp-only boolean;
449 transfer-format ( many-answers | one-answer );
450 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
451 dscp integer ];
452 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
453 ] [ dscp integer ];
454 transfers integer;
455 };
456
457 STATISTICS-CHANNELS
458 statistics-channels {
459 inet ( ipv4_address | ipv6_address |
460 * ) [ port ( integer | * ) ] [
461 allow { address_match_element; ...
462 } ];
463 };
464
465 TRUST-ANCHORS
466 trust-anchors { string ( static-key |
467 initial-key | static-ds | initial-ds )
468 integer integer integer
469 quoted_string; ... };
470
471 TRUSTED-KEYS
472 Deprecated - see DNSSEC-KEYS.
473
474 trusted-keys { string integer
475 integer integer
476 quoted_string; ... };, deprecated
477
478 VIEW
479 view string [ class ] {
480 allow-new-zones boolean;
481 allow-notify { address_match_element; ... };
482 allow-query { address_match_element; ... };
483 allow-query-cache { address_match_element; ... };
484 allow-query-cache-on { address_match_element; ... };
485 allow-query-on { address_match_element; ... };
486 allow-recursion { address_match_element; ... };
487 allow-recursion-on { address_match_element; ... };
488 allow-transfer { address_match_element; ... };
489 allow-update { address_match_element; ... };
490 allow-update-forwarding { address_match_element; ... };
491 also-notify [ port integer ] [ dscp integer ] { (
492 remote-servers | ipv4_address [ port integer ] |
493 ipv6_address [ port integer ] ) [ key string ]; ... };
494 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
495 ] [ dscp integer ];
496 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
497 * ) ] [ dscp integer ];
498 attach-cache string;
499 auth-nxdomain boolean; // default changed
500 auto-dnssec ( allow | maintain | off );
501 cache-file quoted_string;// deprecated
502 catalog-zones { zone string [ default-masters [ port integer ]
503 [ dscp integer ] { ( remote-servers | ipv4_address [ port
504 integer ] | ipv6_address [ port integer ] ) [ key
505 string ]; ... } ] [ zone-directory quoted_string ] [
506 in-memory boolean ] [ min-update-interval duration ]; ... };
507 check-dup-records ( fail | warn | ignore );
508 check-integrity boolean;
509 check-mx ( fail | warn | ignore );
510 check-mx-cname ( fail | warn | ignore );
511 check-names ( primary | master |
512 secondary | slave | response ) (
513 fail | warn | ignore );
514 check-sibling boolean;
515 check-spf ( warn | ignore );
516 check-srv-cname ( fail | warn | ignore );
517 check-wildcard boolean;
518 clients-per-query integer;
519 deny-answer-addresses { address_match_element; ... } [
520 except-from { string; ... } ];
521 deny-answer-aliases { string; ... } [ except-from { string; ...
522 } ];
523 dialup ( notify | notify-passive | passive | refresh | boolean );
524 disable-algorithms string { string;
525 ... };
526 disable-ds-digests string { string;
527 ... };
528 disable-empty-zone string;
529 dlz string {
530 database string;
531 search boolean;
532 };
533 dns64 netprefix {
534 break-dnssec boolean;
535 clients { address_match_element; ... };
536 exclude { address_match_element; ... };
537 mapped { address_match_element; ... };
538 recursive-only boolean;
539 suffix ipv6_address;
540 };
541 dns64-contact string;
542 dns64-server string;
543 dnskey-sig-validity integer;
544 dnsrps-enable boolean;
545 dnsrps-options { unspecified-text };
546 dnssec-accept-expired boolean;
547 dnssec-dnskey-kskonly boolean;
548 dnssec-loadkeys-interval integer;
549 dnssec-must-be-secure string boolean;
550 dnssec-policy string;
551 dnssec-secure-to-insecure boolean;
552 dnssec-update-mode ( maintain | no-resign );
553 dnssec-validation ( yes | no | auto );
554 dnstap { ( all | auth | client | forwarder | resolver | update ) [
555 ( query | response ) ]; ... };
556 dual-stack-servers [ port integer ] { ( quoted_string [ port
557 integer ] [ dscp integer ] | ipv4_address [ port
558 integer ] [ dscp integer ] | ipv6_address [ port
559 integer ] [ dscp integer ] ); ... };
560 dyndb string quoted_string {
561 unspecified-text };
562 edns-udp-size integer;
563 empty-contact string;
564 empty-server string;
565 empty-zones-enable boolean;
566 fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
567 fetches-per-server integer [ ( drop | fail ) ];
568 fetches-per-zone integer [ ( drop | fail ) ];
569 forward ( first | only );
570 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
571 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
572 glue-cache boolean;
573 ixfr-from-differences ( primary | master | secondary | slave |
574 boolean );
575 key string {
576 algorithm string;
577 secret string;
578 };
579 key-directory quoted_string;
580 lame-ttl duration;
581 lmdb-mapsize sizeval;
582 managed-keys { string (
583 static-key | initial-key
584 | static-ds | initial-ds
585 ) integer integer
586 integer
587 quoted_string; ... };, deprecated
588 masterfile-format ( map | raw | text );
589 masterfile-style ( full | relative );
590 match-clients { address_match_element; ... };
591 match-destinations { address_match_element; ... };
592 match-recursive-only boolean;
593 max-cache-size ( default | unlimited | sizeval | percentage );
594 max-cache-ttl duration;
595 max-clients-per-query integer;
596 max-ixfr-ratio ( unlimited | percentage );
597 max-journal-size ( default | unlimited | sizeval );
598 max-ncache-ttl duration;
599 max-records integer;
600 max-recursion-depth integer;
601 max-recursion-queries integer;
602 max-refresh-time integer;
603 max-retry-time integer;
604 max-stale-ttl duration;
605 max-transfer-idle-in integer;
606 max-transfer-idle-out integer;
607 max-transfer-time-in integer;
608 max-transfer-time-out integer;
609 max-udp-size integer;
610 max-zone-ttl ( unlimited | duration );
611 message-compression boolean;
612 min-cache-ttl duration;
613 min-ncache-ttl duration;
614 min-refresh-time integer;
615 min-retry-time integer;
616 minimal-any boolean;
617 minimal-responses ( no-auth | no-auth-recursive | boolean );
618 multi-master boolean;
619 new-zones-directory quoted_string;
620 no-case-compress { address_match_element; ... };
621 nocookie-udp-size integer;
622 notify ( explicit | master-only | primary-only | boolean );
623 notify-delay integer;
624 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
625 dscp integer ];
626 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
627 [ dscp integer ];
628 notify-to-soa boolean;
629 nta-lifetime duration;
630 nta-recheck duration;
631 nxdomain-redirect string;
632 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
633 dscp integer ];
634 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
635 ] [ dscp integer ];
636 plugin ( query ) string [ {
637 unspecified-text } ];
638 preferred-glue string;
639 prefetch integer [ integer ];
640 provide-ixfr boolean;
641 qname-minimization ( strict | relaxed | disabled | off );
642 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
643 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
644 port ( integer | * ) ) ) [ dscp integer ];
645 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
646 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
647 port ( integer | * ) ) ) [ dscp integer ];
648 rate-limit {
649 all-per-second integer;
650 errors-per-second integer;
651 exempt-clients { address_match_element; ... };
652 ipv4-prefix-length integer;
653 ipv6-prefix-length integer;
654 log-only boolean;
655 max-table-size integer;
656 min-table-size integer;
657 nodata-per-second integer;
658 nxdomains-per-second integer;
659 qps-scale integer;
660 referrals-per-second integer;
661 responses-per-second integer;
662 slip integer;
663 window integer;
664 };
665 recursion boolean;
666 request-expire boolean;
667 request-ixfr boolean;
668 request-nsid boolean;
669 require-server-cookie boolean;
670 resolver-nonbackoff-tries integer;
671 resolver-query-timeout integer;
672 resolver-retry-interval integer;
673 response-padding { address_match_element; ... } block-size
674 integer;
675 response-policy { zone string [ add-soa boolean ] [ log
676 boolean ] [ max-policy-ttl duration ] [ min-update-interval
677 duration ] [ policy ( cname | disabled | drop | given | no-op
678 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
679 recursive-only boolean ] [ nsip-enable boolean ] [
680 nsdname-enable boolean ]; ... } [ add-soa boolean ] [
681 break-dnssec boolean ] [ max-policy-ttl duration ] [
682 min-update-interval duration ] [ min-ns-dots integer ] [
683 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
684 [ recursive-only boolean ] [ nsip-enable boolean ] [
685 nsdname-enable boolean ] [ dnsrps-enable boolean ] [
686 dnsrps-options { unspecified-text } ];
687 root-delegation-only [ exclude { string; ... } ];
688 root-key-sentinel boolean;
689 rrset-order { [ class string ] [ type string ] [ name
690 quoted_string ] string string; ... };
691 send-cookie boolean;
692 serial-update-method ( date | increment | unixtime );
693 server netprefix {
694 bogus boolean;
695 edns boolean;
696 edns-udp-size integer;
697 edns-version integer;
698 keys server_key;
699 max-udp-size integer;
700 notify-source ( ipv4_address | * ) [ port ( integer | *
701 ) ] [ dscp integer ];
702 notify-source-v6 ( ipv6_address | * ) [ port ( integer
703 | * ) ] [ dscp integer ];
704 padding integer;
705 provide-ixfr boolean;
706 query-source ( ( [ address ] ( ipv4_address | * ) [ port
707 ( integer | * ) ] ) | ( [ [ address ] (
708 ipv4_address | * ) ] port ( integer | * ) ) ) [
709 dscp integer ];
710 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
711 port ( integer | * ) ] ) | ( [ [ address ] (
712 ipv6_address | * ) ] port ( integer | * ) ) ) [
713 dscp integer ];
714 request-expire boolean;
715 request-ixfr boolean;
716 request-nsid boolean;
717 send-cookie boolean;
718 tcp-keepalive boolean;
719 tcp-only boolean;
720 transfer-format ( many-answers | one-answer );
721 transfer-source ( ipv4_address | * ) [ port ( integer |
722 * ) ] [ dscp integer ];
723 transfer-source-v6 ( ipv6_address | * ) [ port (
724 integer | * ) ] [ dscp integer ];
725 transfers integer;
726 };
727 servfail-ttl duration;
728 sig-signing-nodes integer;
729 sig-signing-signatures integer;
730 sig-signing-type integer;
731 sig-validity-interval integer [ integer ];
732 sortlist { address_match_element; ... };
733 stale-answer-client-timeout ( disabled | off | integer );
734 stale-answer-enable boolean;
735 stale-answer-ttl duration;
736 stale-cache-enable boolean;
737 stale-refresh-time duration;
738 synth-from-dnssec boolean;
739 transfer-format ( many-answers | one-answer );
740 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
741 dscp integer ];
742 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
743 ] [ dscp integer ];
744 trust-anchor-telemetry boolean; // experimental
745 trust-anchors { string ( static-key |
746 initial-key | static-ds | initial-ds
747 ) integer integer integer
748 quoted_string; ... };
749 trusted-keys { string
750 integer integer
751 integer
752 quoted_string; ... };, deprecated
753 try-tcp-refresh boolean;
754 update-check-ksk boolean;
755 use-alt-transfer-source boolean;
756 v6-bias integer;
757 validate-except { string; ... };
758 zero-no-soa-ttl boolean;
759 zero-no-soa-ttl-cache boolean;
760 zone string [ class ] {
761 allow-notify { address_match_element; ... };
762 allow-query { address_match_element; ... };
763 allow-query-on { address_match_element; ... };
764 allow-transfer { address_match_element; ... };
765 allow-update { address_match_element; ... };
766 allow-update-forwarding { address_match_element; ... };
767 also-notify [ port integer ] [ dscp integer ] { (
768 remote-servers | ipv4_address [ port integer ] |
769 ipv6_address [ port integer ] ) [ key string ];
770 ... };
771 alt-transfer-source ( ipv4_address | * ) [ port (
772 integer | * ) ] [ dscp integer ];
773 alt-transfer-source-v6 ( ipv6_address | * ) [ port (
774 integer | * ) ] [ dscp integer ];
775 auto-dnssec ( allow | maintain | off );
776 check-dup-records ( fail | warn | ignore );
777 check-integrity boolean;
778 check-mx ( fail | warn | ignore );
779 check-mx-cname ( fail | warn | ignore );
780 check-names ( fail | warn | ignore );
781 check-sibling boolean;
782 check-spf ( warn | ignore );
783 check-srv-cname ( fail | warn | ignore );
784 check-wildcard boolean;
785 database string;
786 delegation-only boolean;
787 dialup ( notify | notify-passive | passive | refresh |
788 boolean );
789 dlz string;
790 dnskey-sig-validity integer;
791 dnssec-dnskey-kskonly boolean;
792 dnssec-loadkeys-interval integer;
793 dnssec-policy string;
794 dnssec-secure-to-insecure boolean;
795 dnssec-update-mode ( maintain | no-resign );
796 file quoted_string;
797 forward ( first | only );
798 forwarders [ port integer ] [ dscp integer ] { (
799 ipv4_address | ipv6_address ) [ port integer ] [
800 dscp integer ]; ... };
801 in-view string;
802 inline-signing boolean;
803 ixfr-from-differences boolean;
804 journal quoted_string;
805 key-directory quoted_string;
806 masterfile-format ( map | raw | text );
807 masterfile-style ( full | relative );
808 masters [ port integer ] [ dscp integer ] { (
809 remote-servers | ipv4_address [ port integer ] |
810 ipv6_address [ port integer ] ) [ key string ];
811 ... };
812 max-ixfr-ratio ( unlimited | percentage );
813 max-journal-size ( default | unlimited | sizeval );
814 max-records integer;
815 max-refresh-time integer;
816 max-retry-time integer;
817 max-transfer-idle-in integer;
818 max-transfer-idle-out integer;
819 max-transfer-time-in integer;
820 max-transfer-time-out integer;
821 max-zone-ttl ( unlimited | duration );
822 min-refresh-time integer;
823 min-retry-time integer;
824 multi-master boolean;
825 notify ( explicit | master-only | primary-only | boolean );
826 notify-delay integer;
827 notify-source ( ipv4_address | * ) [ port ( integer | *
828 ) ] [ dscp integer ];
829 notify-source-v6 ( ipv6_address | * ) [ port ( integer
830 | * ) ] [ dscp integer ];
831 notify-to-soa boolean;
832 parental-agents [ port integer ] [ dscp integer ] { (
833 remote-servers | ipv4_address [ port integer ] |
834 ipv6_address [ port integer ] ) [ key string ];
835 ... };
836 parental-source ( ipv4_address | * ) [ port ( integer |
837 * ) ] [ dscp integer ];
838 parental-source-v6 ( ipv6_address | * ) [ port (
839 integer | * ) ] [ dscp integer ];
840 primaries [ port integer ] [ dscp integer ] { (
841 remote-servers | ipv4_address [ port integer ] |
842 ipv6_address [ port integer ] ) [ key string ];
843 ... };
844 request-expire boolean;
845 request-ixfr boolean;
846 serial-update-method ( date | increment | unixtime );
847 server-addresses { ( ipv4_address | ipv6_address ); ... };
848 server-names { string; ... };
849 sig-signing-nodes integer;
850 sig-signing-signatures integer;
851 sig-signing-type integer;
852 sig-validity-interval integer [ integer ];
853 transfer-source ( ipv4_address | * ) [ port ( integer |
854 * ) ] [ dscp integer ];
855 transfer-source-v6 ( ipv6_address | * ) [ port (
856 integer | * ) ] [ dscp integer ];
857 try-tcp-refresh boolean;
858 type ( primary | master | secondary | slave | mirror |
859 delegation-only | forward | hint | redirect |
860 static-stub | stub );
861 update-check-ksk boolean;
862 update-policy ( local | { ( deny | grant ) string (
863 6to4-self | external | krb5-self | krb5-selfsub |
864 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
865 name | self | selfsub | selfwild | subdomain | tcp-self
866 | wildcard | zonesub ) [ string ] rrtypelist; ... };
867 use-alt-transfer-source boolean;
868 zero-no-soa-ttl boolean;
869 zone-statistics ( full | terse | none | boolean );
870 };
871 zone-statistics ( full | terse | none | boolean );
872 };
873
874 ZONE
875 zone string [ class ] {
876 allow-notify { address_match_element; ... };
877 allow-query { address_match_element; ... };
878 allow-query-on { address_match_element; ... };
879 allow-transfer { address_match_element; ... };
880 allow-update { address_match_element; ... };
881 allow-update-forwarding { address_match_element; ... };
882 also-notify [ port integer ] [ dscp integer ] { (
883 remote-servers | ipv4_address [ port integer ] |
884 ipv6_address [ port integer ] ) [ key string ]; ... };
885 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
886 ] [ dscp integer ];
887 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
888 * ) ] [ dscp integer ];
889 auto-dnssec ( allow | maintain | off );
890 check-dup-records ( fail | warn | ignore );
891 check-integrity boolean;
892 check-mx ( fail | warn | ignore );
893 check-mx-cname ( fail | warn | ignore );
894 check-names ( fail | warn | ignore );
895 check-sibling boolean;
896 check-spf ( warn | ignore );
897 check-srv-cname ( fail | warn | ignore );
898 check-wildcard boolean;
899 database string;
900 delegation-only boolean;
901 dialup ( notify | notify-passive | passive | refresh | boolean );
902 dlz string;
903 dnskey-sig-validity integer;
904 dnssec-dnskey-kskonly boolean;
905 dnssec-loadkeys-interval integer;
906 dnssec-policy string;
907 dnssec-secure-to-insecure boolean;
908 dnssec-update-mode ( maintain | no-resign );
909 file quoted_string;
910 forward ( first | only );
911 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
912 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
913 in-view string;
914 inline-signing boolean;
915 ixfr-from-differences boolean;
916 journal quoted_string;
917 key-directory quoted_string;
918 masterfile-format ( map | raw | text );
919 masterfile-style ( full | relative );
920 masters [ port integer ] [ dscp integer ] { ( remote-servers
921 | ipv4_address [ port integer ] | ipv6_address [ port
922 integer ] ) [ key string ]; ... };
923 max-ixfr-ratio ( unlimited | percentage );
924 max-journal-size ( default | unlimited | sizeval );
925 max-records integer;
926 max-refresh-time integer;
927 max-retry-time integer;
928 max-transfer-idle-in integer;
929 max-transfer-idle-out integer;
930 max-transfer-time-in integer;
931 max-transfer-time-out integer;
932 max-zone-ttl ( unlimited | duration );
933 min-refresh-time integer;
934 min-retry-time integer;
935 multi-master boolean;
936 notify ( explicit | master-only | primary-only | boolean );
937 notify-delay integer;
938 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
939 dscp integer ];
940 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
941 [ dscp integer ];
942 notify-to-soa boolean;
943 parental-agents [ port integer ] [ dscp integer ] { (
944 remote-servers | ipv4_address [ port integer ] |
945 ipv6_address [ port integer ] ) [ key string ]; ... };
946 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
947 dscp integer ];
948 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
949 ] [ dscp integer ];
950 primaries [ port integer ] [ dscp integer ] { (
951 remote-servers | ipv4_address [ port integer ] |
952 ipv6_address [ port integer ] ) [ key string ]; ... };
953 request-expire boolean;
954 request-ixfr boolean;
955 serial-update-method ( date | increment | unixtime );
956 server-addresses { ( ipv4_address | ipv6_address ); ... };
957 server-names { string; ... };
958 sig-signing-nodes integer;
959 sig-signing-signatures integer;
960 sig-signing-type integer;
961 sig-validity-interval integer [ integer ];
962 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
963 dscp integer ];
964 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
965 ] [ dscp integer ];
966 try-tcp-refresh boolean;
967 type ( primary | master | secondary | slave | mirror |
968 delegation-only | forward | hint | redirect | static-stub |
969 stub );
970 update-check-ksk boolean;
971 update-policy ( local | { ( deny | grant ) string ( 6to4-self |
972 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
973 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
974 | subdomain | tcp-self | wildcard | zonesub ) [ string ]
975 rrtypelist; ... };
976 use-alt-transfer-source boolean;
977 zero-no-soa-ttl boolean;
978 zone-statistics ( full | terse | none | boolean );
979 };
980
982 /etc/named.conf
983
985 ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-conf‐
986 gen(8), BIND 9 Administrator Reference Manual.
987
989 Internet Systems Consortium
990
992 2021, Internet Systems Consortium
993
994
995
996
9979.16.23-RH NAMED.CONF(5)