2
3
4
6 named.conf - configuration file for named
7
9 named.conf
10
12 named.conf is the configuration file for named. Statements are enclosed
13 in braces and terminated with a semi-colon. Clauses in the statements
14 are also semi-colon terminated. The usual comment styles are supported:
15
16 C style: /* */
17
18 C++ style: // to end of line
19
20 Unix style: # to end of line
21
23 acl string { address_match_element; ... };
24
26 key domain_name {
27 algorithm string;
28 secret string;
29 };
30
32 masters string [ port integer ] {
33 ( masters | ipv4_address [port integer] |
34 ipv6_address [port integer] ) [ key string ]; ...
35 };
36
38 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
39 bogus boolean;
40 edns boolean;
41 edns-udp-size integer;
42 max-udp-size integer;
43 provide-ixfr boolean;
44 request-ixfr boolean;
45 keys server_key;
46 transfers integer;
47 transfer-format ( many-answers | one-answer );
48 transfer-source ( ipv4_address | * )
49 [ port ( integer | * ) ];
50 transfer-source-v6 ( ipv6_address | * )
51 [ port ( integer | * ) ];
52 support-ixfr boolean; // obsolete
53 };
54
56 trusted-keys {
57 domain_name flags protocol algorithm key; ...
58 };
59
61 controls {
62 inet ( ipv4_address | ipv6_address | * )
63 [ port ( integer | * ) ]
64 allow { address_match_element; ... }
65 [ keys { string; ... } ];
66 unix unsupported; // not implemented
67 };
68
70 logging {
71 channel string {
72 file log_file;
73 syslog optional_facility;
74 null;
75 stderr;
76 severity log_severity;
77 print-time boolean;
78 print-severity boolean;
79 print-category boolean;
80 };
81 category string { string; ... };
82 };
83
85 lwres {
86 listen-on [ port integer ] {
87 ( ipv4_address | ipv6_address ) [ port integer ]; ...
88 };
89 view string optional_class;
90 search { string; ... };
91 ndots integer;
92 };
93
95 options {
96 avoid-v4-udp-ports { port; ... };
97 avoid-v6-udp-ports { port; ... };
98 blackhole { address_match_element; ... };
99 coresize size;
100 datasize size;
101 directory quoted_string;
102 dump-file quoted_string;
103 files size;
104 heartbeat-interval integer;
105 host-statistics boolean; // not implemented
106 host-statistics-max number; // not implemented
107 hostname ( quoted_string | none );
108 interface-interval integer;
109 listen-on [ port integer ] { address_match_element; ... };
110 listen-on-v6 [ port integer ] { address_match_element; ... };
111 match-mapped-addresses boolean;
112 memstatistics-file quoted_string;
113 pid-file ( quoted_string | none );
114 port integer;
115 querylog boolean;
116 recursing-file quoted_string;
117 random-device quoted_string;
118 recursive-clients integer;
119 serial-query-rate integer;
120 server-id ( quoted_string | none |;
121 stacksize size;
122 statistics-file quoted_string;
123 statistics-interval integer; // not yet implemented
124 tcp-clients integer;
125 tcp-listen-queue integer;
126 tkey-dhkey quoted_string integer;
127 tkey-gssapi-credential quoted_string;
128 tkey-domain quoted_string;
129 transfers-per-ns integer;
130 transfers-in integer;
131 transfers-out integer;
132 use-ixfr boolean;
133 version ( quoted_string | none );
134 allow-recursion { address_match_element; ... };
135 sortlist { address_match_element; ... };
136 topology { address_match_element; ... }; // not implemented
137 auth-nxdomain boolean; // default changed
138 minimal-responses boolean;
139 recursion boolean;
140 rrset-order {
141 [ class string ] [ type string ]
142 [ name quoted_string ] string string; ...
143 };
144 provide-ixfr boolean;
145 request-ixfr boolean;
146 rfc2308-type1 boolean; // not yet implemented
147 additional-from-auth boolean;
148 additional-from-cache boolean;
149 query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
150 query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
151 cleaning-interval integer;
152 min-roots integer; // not implemented
153 lame-ttl integer;
154 max-ncache-ttl integer;
155 max-cache-ttl integer;
156 transfer-format ( many-answers | one-answer );
157 max-cache-size size_no_default;
158 max-acache-size size_no_default;
159 clients-per-query number;
160 max-clients-per-query number;
161 check-names ( master | slave | response )
162 ( fail | warn | ignore );
163 check-mx ( fail | warn | ignore );
164 check-integrity boolean;
165 check-mx-cname ( fail | warn | ignore );
166 check-srv-cname ( fail | warn | ignore );
167 cache-file quoted_string; // test option
168 suppress-initial-notify boolean; // not yet implemented
169 preferred-glue string;
170 dual-stack-servers [ port integer ] {
171 ( quoted_string [port integer] |
172 ipv4_address [port integer] |
173 ipv6_address [port integer] ); ...
174 };
175 edns-udp-size integer;
176 max-udp-size integer;
177 root-delegation-only [ exclude { quoted_string; ... } ];
178 disable-algorithms string { string; ... };
179 dnssec-enable boolean;
180 dnssec-validation boolean;
181 dnssec-lookaside string trust-anchor string;
182 dnssec-must-be-secure string boolean;
183 dnssec-accept-expired boolean;
184 empty-server string;
185 empty-contact string;
186 empty-zones-enable boolean;
187 disable-empty-zone string;
188 dialup dialuptype;
189 ixfr-from-differences ixfrdiff;
190 allow-query { address_match_element; ... };
191 allow-query-cache { address_match_element; ... };
192 allow-transfer { address_match_element; ... };
193 allow-update { address_match_element; ... };
194 allow-update-forwarding { address_match_element; ... };
195 update-check-ksk boolean;
196 masterfile-format ( text | raw );
197 notify notifytype;
198 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
199 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
200 notify-delay seconds;
201 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
202 [ port integer ]; ... };
203 allow-notify { address_match_element; ... };
204 forward ( first | only );
205 forwarders [ port integer ] {
206 ( ipv4_address | ipv6_address ) [ port integer ]; ...
207 };
208 max-journal-size size_no_default;
209 max-transfer-time-in integer;
210 max-transfer-time-out integer;
211 max-transfer-idle-in integer;
212 max-transfer-idle-out integer;
213 max-retry-time integer;
214 min-retry-time integer;
215 max-refresh-time integer;
216 min-refresh-time integer;
217 multi-master boolean;
218 sig-validity-interval integer;
219 transfer-source ( ipv4_address | * )
220 [ port ( integer | * ) ];
221 transfer-source-v6 ( ipv6_address | * )
222 [ port ( integer | * ) ];
223 alt-transfer-source ( ipv4_address | * )
224 [ port ( integer | * ) ];
225 alt-transfer-source-v6 ( ipv6_address | * )
226 [ port ( integer | * ) ];
227 use-alt-transfer-source boolean;
228 zone-statistics boolean;
229 key-directory quoted_string;
230 zero-no-soa-ttl boolean;
231 zero-no-soa-ttl-cache boolean;
232 allow-v6-synthesis { address_match_element; ... }; // obsolete
233 deallocate-on-exit boolean; // obsolete
234 fake-iquery boolean; // obsolete
235 fetch-glue boolean; // obsolete
236 has-old-clients boolean; // obsolete
237 maintain-ixfr-base boolean; // obsolete
238 max-ixfr-log-size size; // obsolete
239 multiple-cnames boolean; // obsolete
240 named-xfer quoted_string; // obsolete
241 serial-queries integer; // obsolete
242 treat-cr-as-space boolean; // obsolete
243 use-id-pool boolean; // obsolete
244 };
245
247 view string optional_class {
248 match-clients { address_match_element; ... };
249 match-destinations { address_match_element; ... };
250 match-recursive-only boolean;
251 key string {
252 algorithm string;
253 secret string;
254 };
255 zone string optional_class {
256 ...
257 };
258 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
259 ...
260 };
261 trusted-keys {
262 string integer integer integer quoted_string; ...
263 };
264 allow-recursion { address_match_element; ... };
265 sortlist { address_match_element; ... };
266 topology { address_match_element; ... }; // not implemented
267 auth-nxdomain boolean; // default changed
268 minimal-responses boolean;
269 recursion boolean;
270 rrset-order {
271 [ class string ] [ type string ]
272 [ name quoted_string ] string string; ...
273 };
274 provide-ixfr boolean;
275 request-ixfr boolean;
276 rfc2308-type1 boolean; // not yet implemented
277 additional-from-auth boolean;
278 additional-from-cache boolean;
279 query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
280 query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
281 cleaning-interval integer;
282 min-roots integer; // not implemented
283 lame-ttl integer;
284 max-ncache-ttl integer;
285 max-cache-ttl integer;
286 transfer-format ( many-answers | one-answer );
287 max-cache-size size_no_default;
288 max-acache-size size_no_default;
289 clients-per-query number;
290 max-clients-per-query number;
291 check-names ( master | slave | response )
292 ( fail | warn | ignore );
293 check-mx ( fail | warn | ignore );
294 check-integrity boolean;
295 check-mx-cname ( fail | warn | ignore );
296 check-srv-cname ( fail | warn | ignore );
297 cache-file quoted_string; // test option
298 suppress-initial-notify boolean; // not yet implemented
299 preferred-glue string;
300 dual-stack-servers [ port integer ] {
301 ( quoted_string [port integer] |
302 ipv4_address [port integer] |
303 ipv6_address [port integer] ); ...
304 };
305 edns-udp-size integer;
306 max-udp-size integer;
307 root-delegation-only [ exclude { quoted_string; ... } ];
308 disable-algorithms string { string; ... };
309 dnssec-enable boolean;
310 dnssec-validation boolean;
311 dnssec-lookaside string trust-anchor string;
312 dnssec-must-be-secure string boolean;
313 dnssec-accept-expired boolean;
314 empty-server string;
315 empty-contact string;
316 empty-zones-enable boolean;
317 disable-empty-zone string;
318 dialup dialuptype;
319 ixfr-from-differences ixfrdiff;
320 allow-query { address_match_element; ... };
321 allow-query-cache { address_match_element; ... };
322 allow-transfer { address_match_element; ... };
323 allow-update { address_match_element; ... };
324 allow-update-forwarding { address_match_element; ... };
325 update-check-ksk boolean;
326 masterfile-format ( text | raw );
327 notify notifytype;
328 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
329 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
330 notify-delay seconds;
331 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
332 [ port integer ]; ... };
333 allow-notify { address_match_element; ... };
334 forward ( first | only );
335 forwarders [ port integer ] {
336 ( ipv4_address | ipv6_address ) [ port integer ]; ...
337 };
338 max-journal-size size_no_default;
339 max-transfer-time-in integer;
340 max-transfer-time-out integer;
341 max-transfer-idle-in integer;
342 max-transfer-idle-out integer;
343 max-retry-time integer;
344 min-retry-time integer;
345 max-refresh-time integer;
346 min-refresh-time integer;
347 multi-master boolean;
348 sig-validity-interval integer;
349 transfer-source ( ipv4_address | * )
350 [ port ( integer | * ) ];
351 transfer-source-v6 ( ipv6_address | * )
352 [ port ( integer | * ) ];
353 alt-transfer-source ( ipv4_address | * )
354 [ port ( integer | * ) ];
355 alt-transfer-source-v6 ( ipv6_address | * )
356 [ port ( integer | * ) ];
357 use-alt-transfer-source boolean;
358 zone-statistics boolean;
359 key-directory quoted_string;
360 zero-no-soa-ttl boolean;
361 zero-no-soa-ttl-cache boolean;
362 allow-v6-synthesis { address_match_element; ... }; // obsolete
363 fetch-glue boolean; // obsolete
364 maintain-ixfr-base boolean; // obsolete
365 max-ixfr-log-size size; // obsolete
366 };
367
369 zone string optional_class {
370 type ( master | slave | stub | hint |
371 forward | delegation-only );
372 file quoted_string;
373 masters [ port integer ] {
374 ( masters |
375 ipv4_address [port integer] |
376 ipv6_address [ port integer ] ) [ key string ]; ...
377 };
378 database string;
379 delegation-only boolean;
380 check-names ( fail | warn | ignore );
381 check-mx ( fail | warn | ignore );
382 check-integrity boolean;
383 check-mx-cname ( fail | warn | ignore );
384 check-srv-cname ( fail | warn | ignore );
385 dialup dialuptype;
386 ixfr-from-differences boolean;
387 journal quoted_string;
388 zero-no-soa-ttl boolean;
389 allow-query { address_match_element; ... };
390 allow-transfer { address_match_element; ... };
391 allow-update { address_match_element; ... };
392 allow-update-forwarding { address_match_element; ... };
393 update-policy {
394 ( grant | deny ) string
395 ( name | subdomain | wildcard | self ) string
396 rrtypelist; ...
397 };
398 update-check-ksk boolean;
399 masterfile-format ( text | raw );
400 notify notifytype;
401 notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
402 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
403 notify-delay seconds;
404 also-notify [ port integer ] { ( ipv4_address | ipv6_address )
405 [ port integer ]; ... };
406 allow-notify { address_match_element; ... };
407 forward ( first | only );
408 forwarders [ port integer ] {
409 ( ipv4_address | ipv6_address ) [ port integer ]; ...
410 };
411 max-journal-size size_no_default;
412 max-transfer-time-in integer;
413 max-transfer-time-out integer;
414 max-transfer-idle-in integer;
415 max-transfer-idle-out integer;
416 max-retry-time integer;
417 min-retry-time integer;
418 max-refresh-time integer;
419 min-refresh-time integer;
420 multi-master boolean;
421 sig-validity-interval integer;
422 transfer-source ( ipv4_address | * )
423 [ port ( integer | * ) ];
424 transfer-source-v6 ( ipv6_address | * )
425 [ port ( integer | * ) ];
426 alt-transfer-source ( ipv4_address | * )
427 [ port ( integer | * ) ];
428 alt-transfer-source-v6 ( ipv6_address | * )
429 [ port ( integer | * ) ];
430 use-alt-transfer-source boolean;
431 zone-statistics boolean;
432 key-directory quoted_string;
433 ixfr-base quoted_string; // obsolete
434 ixfr-tmp-file quoted_string; // obsolete
435 maintain-ixfr-base boolean; // obsolete
436 max-ixfr-log-size size; // obsolete
437 pubkey integer integer integer quoted_string; // obsolete
438 };
439
441 /etc/named.conf
442
444 named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference
445 Manual.
446
448 Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
449
450
451
452BIND9 Aug 13, 2004 NAMED.CONF(5)