NAMED.CONF(5)                        BIND9                       NAMED.CONF(5)

NAME

       named.conf - configuration file for named
7

SYNOPSIS

       named.conf
10

DESCRIPTION

       named.conf is the configuration file for named. Statements are enclosed
       in braces and terminated with a semicolon. Clauses in the statements
       are also terminated with a semicolon. The usual comment styles are
       supported:

       C style: /* */

       C++ style: // to end of line

       Unix style: # to end of line
21

ACL

23           acl string { address_match_element; ... };
24

CONTROLS

26           controls {
27                inet ( ipv4_address | ipv6_address |
28                    * ) [ port ( integer | * ) ] allow
29                    { address_match_element; ... } [
30                    keys { string; ... } ] [ read-only
31                    boolean ];
32                unix quoted_string perm integer
33                    owner integer group integer [
34                    keys { string; ... } ] [ read-only
35                    boolean ];
36           };
37

DLZ

39           dlz string {
40                database string;
41                search boolean;
42           };
43

DYNDB

45           dyndb string quoted_string {
46               unspecified-text };
47

KEY

49           key string {
50                algorithm string;
51                secret string;
52           };
53

LOGGING

55           logging {
56                category string { string; ... };
57                channel string {
58                     buffered boolean;
59                     file quoted_string [ versions ( "unlimited" | integer )
60                         ] [ size size ];
61                     null;
62                     print-category boolean;
63                     print-severity boolean;
64                     print-time boolean;
65                     severity log_severity;
66                     stderr;
67                     syslog [ syslog_facility ];
68                };
69           };
70

LWRES

72           lwres {
73                listen-on [ port integer ] [ dscp integer ] { ( ipv4_address
74                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
75                lwres-clients integer;
76                lwres-tasks integer;
77                ndots integer;
78                search { string; ... };
79                view string [ class ];
80           };
81

MANAGED-KEYS

83           managed-keys { string string integer
84               integer integer quoted_string; ... };
85

MASTERS

87           masters string [ port integer ] [ dscp
88               integer ] { ( masters | ipv4_address [
89               port integer ] | ipv6_address [ port
90               integer ] ) [ key string ]; ... };
91

OPTIONS

93           options {
94                acache-cleaning-interval integer;
95                acache-enable boolean;
96                additional-from-auth boolean;
97                additional-from-cache boolean;
98                allow-new-zones boolean;
99                allow-notify { address_match_element; ... };
100                allow-query { address_match_element; ... };
101                allow-query-cache { address_match_element; ... };
102                allow-query-cache-on { address_match_element; ... };
103                allow-query-on { address_match_element; ... };
104                allow-recursion { address_match_element; ... };
105                allow-recursion-on { address_match_element; ... };
106                allow-transfer { address_match_element; ... };
107                allow-update { address_match_element; ... };
108                allow-update-forwarding { address_match_element; ... };
109                also-notify [ port integer ] [ dscp integer ] { ( masters |
110                    ipv4_address [ port integer ] | ipv6_address [ port
111                    integer ] ) [ key string ]; ... };
112                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
113                    ] [ dscp integer ];
114                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
115                    * ) ] [ dscp integer ];
116                answer-cookie boolean;
117                attach-cache string;
118                auth-nxdomain boolean; // default changed
119                auto-dnssec ( allow | maintain | off );
120                automatic-interface-scan boolean;
121                avoid-v4-udp-ports { portrange; ... };
122                avoid-v6-udp-ports { portrange; ... };
123                bindkeys-file quoted_string;
124                blackhole { address_match_element; ... };
125                cache-file quoted_string;
126                catalog-zones { zone string [ default-masters [ port integer ]
127                    [ dscp integer ] { ( masters | ipv4_address [ port
128                    integer ] | ipv6_address [ port integer ] ) [ key
129                    string ]; ... } ] [ zone-directory quoted_string ] [
130                    in-memory boolean ] [ min-update-interval integer ]; ... };
131                check-dup-records ( fail | warn | ignore );
132                check-integrity boolean;
133                check-mx ( fail | warn | ignore );
134                check-mx-cname ( fail | warn | ignore );
135                check-names ( master | slave | response
136                    ) ( fail | warn | ignore );
137                check-sibling boolean;
138                check-spf ( warn | ignore );
139                check-srv-cname ( fail | warn | ignore );
140                check-wildcard boolean;
141                cleaning-interval integer;
142                clients-per-query integer;
143                cookie-algorithm ( aes | sha1 | sha256 | siphash24 );
144                cookie-secret string;
145                coresize ( default | unlimited | sizeval );
146                datasize ( default | unlimited | sizeval );
147                deny-answer-addresses { address_match_element; ... } [
148                    except-from { quoted_string; ... } ];
149                deny-answer-aliases { quoted_string; ... } [ except-from {
150                    quoted_string; ... } ];
151                dialup ( notify | notify-passive | passive | refresh | boolean );
152                directory quoted_string;
153                disable-algorithms string { string;
154                    ... };
155                disable-ds-digests string { string;
156                    ... };
157                disable-empty-zone string;
158                dns64 netprefix {
159                     break-dnssec boolean;
160                     clients { address_match_element; ... };
161                     exclude { address_match_element; ... };
162                     mapped { address_match_element; ... };
163                     recursive-only boolean;
164                     suffix ipv6_address;
165                };
166                dns64-contact string;
167                dns64-server string;
168                dnssec-accept-expired boolean;
169                dnssec-dnskey-kskonly boolean;
170                dnssec-enable boolean;
171                dnssec-loadkeys-interval integer;
172                dnssec-lookaside ( string trust-anchor
173                    string | auto | no );
174                dnssec-must-be-secure string boolean;
175                dnssec-secure-to-insecure boolean;
176                dnssec-update-mode ( maintain | no-resign );
177                dnssec-validation ( yes | no | auto );
178                dnstap { ( all | auth | client | forwarder |
179                    resolver ) [ ( query | response ) ]; ... };
180                dnstap-identity ( quoted_string | none |
181                    hostname );
182                dnstap-output ( file | unix ) quoted_string;
183                dnstap-version ( quoted_string | none );
184                dscp integer;
185                dual-stack-servers [ port integer ] { ( quoted_string [ port
186                    integer ] [ dscp integer ] | ipv4_address [ port
187                    integer ] [ dscp integer ] | ipv6_address [ port
188                    integer ] [ dscp integer ] ); ... };
189                dump-file quoted_string;
190                edns-udp-size integer;
191                empty-contact string;
192                empty-server string;
193                empty-zones-enable boolean;
194                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
195                fetches-per-server integer [ ( drop | fail ) ];
196                fetches-per-zone integer [ ( drop | fail ) ];
197                files ( default | unlimited | sizeval );
198                filter-aaaa { address_match_element; ... };
199                filter-aaaa-on-v4 ( break-dnssec | boolean );
200                filter-aaaa-on-v6 ( break-dnssec | boolean );
201                flush-zones-on-shutdown boolean;
202                forward ( first | only );
203                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
204                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
205                fstrm-set-buffer-hint integer;
206                fstrm-set-flush-timeout integer;
207                fstrm-set-input-queue-size integer;
208                fstrm-set-output-notify-threshold integer;
209                fstrm-set-output-queue-model ( mpsc | spsc );
210                fstrm-set-output-queue-size integer;
211                fstrm-set-reopen-interval integer;
212                geoip-directory ( quoted_string | none );
213                geoip-use-ecs boolean;
214                heartbeat-interval integer;
215                hostname ( quoted_string | none );
216                inline-signing boolean;
217                interface-interval integer;
218                ixfr-from-differences ( master | slave | boolean );
219                keep-response-order { address_match_element; ... };
220                key-directory quoted_string;
221                lame-ttl ttlval;
222                listen-on [ port integer ] [ dscp
223                    integer ] {
224                    address_match_element; ... };
225                listen-on-v6 [ port integer ] [ dscp
226                    integer ] {
227                    address_match_element; ... };
228                lmdb-mapsize sizeval;
229                lock-file ( quoted_string | none );
230                managed-keys-directory quoted_string;
231                masterfile-format ( map | raw | text );
232                masterfile-style ( full | relative );
233                match-mapped-addresses boolean;
234                max-acache-size ( unlimited | sizeval );
235                max-cache-size ( default | unlimited | sizeval | percentage );
236                max-cache-ttl integer;
237                max-clients-per-query integer;
238                max-journal-size ( unlimited | sizeval );
239                max-ncache-ttl integer;
240                max-records integer;
241                max-recursion-depth integer;
242                max-recursion-queries integer;
243                max-refresh-time integer;
244                max-retry-time integer;
245                max-rsa-exponent-size integer;
246                max-transfer-idle-in integer;
247                max-transfer-idle-out integer;
248                max-transfer-time-in integer;
249                max-transfer-time-out integer;
250                max-udp-size integer;
251                max-zone-ttl ( unlimited | ttlval );
252                memstatistics boolean;
253                memstatistics-file quoted_string;
254                message-compression boolean;
255                min-refresh-time integer;
256                min-retry-time integer;
257                minimal-any boolean;
258                minimal-responses ( no-auth | no-auth-recursive | boolean );
259                multi-master boolean;
260                no-case-compress { address_match_element; ... };
261                nocookie-udp-size integer;
262                notify ( explicit | master-only | boolean );
263                notify-delay integer;
264                notify-rate integer;
265                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
266                    dscp integer ];
267                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
268                    [ dscp integer ];
269                notify-to-soa boolean;
270                nta-lifetime ttlval;
271                nta-recheck ttlval;
272                nxdomain-redirect string;
273                pid-file ( quoted_string | none );
274                port integer;
275                preferred-glue string;
276                prefetch integer [ integer ];
277                provide-ixfr boolean;
278                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
279                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
280                    port ( integer | * ) ) ) [ dscp integer ];
281                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
282                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
283                    port ( integer | * ) ) ) [ dscp integer ];
284                querylog boolean;
285                random-device quoted_string;
286                rate-limit {
287                     all-per-second integer;
288                     errors-per-second integer;
289                     exempt-clients { address_match_element; ... };
290                     ipv4-prefix-length integer;
291                     ipv6-prefix-length integer;
292                     log-only boolean;
293                     max-table-size integer;
294                     min-table-size integer;
295                     nodata-per-second integer;
296                     nxdomains-per-second integer;
297                     qps-scale integer;
298                     referrals-per-second integer;
299                     responses-per-second integer;
300                     slip integer;
301                     window integer;
302                };
303                recursing-file quoted_string;
304                recursion boolean;
305                recursive-clients integer;
306                request-expire boolean;
307                request-ixfr boolean;
308                request-nsid boolean;
309                require-server-cookie boolean;
310                reserved-sockets integer;
311                resolver-query-timeout integer;
312                response-policy { zone string [ log boolean ] [ max-policy-ttl
313                    integer ] [ policy ( cname | disabled | drop | given | no-op
314                    | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
315                    recursive-only boolean ]; ... } [ break-dnssec boolean ] [
316                    max-policy-ttl integer ] [ min-ns-dots integer ] [
317                    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
318                    [ recursive-only boolean ];
319                root-delegation-only [ exclude { quoted_string; ... } ];
320                root-key-sentinel boolean;
321                rrset-order { [ class string ] [ type string ] [ name
322                    quoted_string ] string string; ... };
323                secroots-file quoted_string;
324                send-cookie boolean;
325                serial-query-rate integer;
326                serial-update-method ( date | increment | unixtime );
327                server-id ( quoted_string | none | hostname );
328                servfail-ttl ttlval;
329                session-keyalg string;
330                session-keyfile ( quoted_string | none );
331                session-keyname string;
332                sig-signing-nodes integer;
333                sig-signing-signatures integer;
334                sig-signing-type integer;
335                sig-validity-interval integer [ integer ];
336                sortlist { address_match_element; ... };
337                stacksize ( default | unlimited | sizeval );
338                startup-notify-rate integer;
339                statistics-file quoted_string;
340                tcp-clients integer;
341                tcp-listen-queue integer;
342                tkey-dhkey quoted_string integer;
343                tkey-domain quoted_string;
344                tkey-gssapi-credential quoted_string;
345                tkey-gssapi-keytab quoted_string;
346                transfer-format ( many-answers | one-answer );
347                transfer-message-size integer;
348                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
349                    dscp integer ];
350                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
351                    ] [ dscp integer ];
352                transfers-in integer;
353                transfers-out integer;
354                transfers-per-ns integer;
355                trust-anchor-telemetry boolean; // experimental
356                try-tcp-refresh boolean;
357                update-check-ksk boolean;
358                use-alt-transfer-source boolean;
359                use-v4-udp-ports { portrange; ... };
360                use-v6-udp-ports { portrange; ... };
361                v6-bias integer;
362                version ( quoted_string | none );
363                zero-no-soa-ttl boolean;
364                zero-no-soa-ttl-cache boolean;
365                zone-statistics ( full | terse | none | boolean );
366           };
367

SERVER

369           server netprefix {
370                bogus boolean;
371                edns boolean;
372                edns-udp-size integer;
373                edns-version integer;
374                keys server_key;
375                max-udp-size integer;
376                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
377                    dscp integer ];
378                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
379                    [ dscp integer ];
380                provide-ixfr boolean;
381                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
382                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
383                    port ( integer | * ) ) ) [ dscp integer ];
384                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
385                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
386                    port ( integer | * ) ) ) [ dscp integer ];
387                request-expire boolean;
388                request-ixfr boolean;
389                request-nsid boolean;
390                send-cookie boolean;
391                tcp-only boolean;
392                transfer-format ( many-answers | one-answer );
393                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
394                    dscp integer ];
395                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
396                    ] [ dscp integer ];
397                transfers integer;
398           };
399

STATISTICS-CHANNELS

401           statistics-channels {
402                inet ( ipv4_address | ipv6_address |
403                    * ) [ port ( integer | * ) ] [
404                    allow { address_match_element; ...
405                    } ];
406           };
407

TRUSTED-KEYS

409           trusted-keys { string integer integer
410               integer quoted_string; ... };
411

VIEW

413           view string [ class ] {
414                acache-cleaning-interval integer;
415                acache-enable boolean;
416                additional-from-auth boolean;
417                additional-from-cache boolean;
418                allow-new-zones boolean;
419                allow-notify { address_match_element; ... };
420                allow-query { address_match_element; ... };
421                allow-query-cache { address_match_element; ... };
422                allow-query-cache-on { address_match_element; ... };
423                allow-query-on { address_match_element; ... };
424                allow-recursion { address_match_element; ... };
425                allow-recursion-on { address_match_element; ... };
426                allow-transfer { address_match_element; ... };
427                allow-update { address_match_element; ... };
428                allow-update-forwarding { address_match_element; ... };
429                also-notify [ port integer ] [ dscp integer ] { ( masters |
430                    ipv4_address [ port integer ] | ipv6_address [ port
431                    integer ] ) [ key string ]; ... };
432                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
433                    ] [ dscp integer ];
434                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
435                    * ) ] [ dscp integer ];
436                attach-cache string;
437                auth-nxdomain boolean; // default changed
438                auto-dnssec ( allow | maintain | off );
439                cache-file quoted_string;
440                catalog-zones { zone string [ default-masters [ port integer ]
441                    [ dscp integer ] { ( masters | ipv4_address [ port
442                    integer ] | ipv6_address [ port integer ] ) [ key
443                    string ]; ... } ] [ zone-directory quoted_string ] [
444                    in-memory boolean ] [ min-update-interval integer ]; ... };
445                check-dup-records ( fail | warn | ignore );
446                check-integrity boolean;
447                check-mx ( fail | warn | ignore );
448                check-mx-cname ( fail | warn | ignore );
449                check-names ( master | slave | response
450                    ) ( fail | warn | ignore );
451                check-sibling boolean;
452                check-spf ( warn | ignore );
453                check-srv-cname ( fail | warn | ignore );
454                check-wildcard boolean;
455                cleaning-interval integer;
456                clients-per-query integer;
457                deny-answer-addresses { address_match_element; ... } [
458                    except-from { quoted_string; ... } ];
459                deny-answer-aliases { quoted_string; ... } [ except-from {
460                    quoted_string; ... } ];
461                dialup ( notify | notify-passive | passive | refresh | boolean );
462                disable-algorithms string { string;
463                    ... };
464                disable-ds-digests string { string;
465                    ... };
466                disable-empty-zone string;
467                dlz string {
468                     database string;
469                     search boolean;
470                };
471                dns64 netprefix {
472                     break-dnssec boolean;
473                     clients { address_match_element; ... };
474                     exclude { address_match_element; ... };
475                     mapped { address_match_element; ... };
476                     recursive-only boolean;
477                     suffix ipv6_address;
478                };
479                dns64-contact string;
480                dns64-server string;
481                dnssec-accept-expired boolean;
482                dnssec-dnskey-kskonly boolean;
483                dnssec-enable boolean;
484                dnssec-loadkeys-interval integer;
485                dnssec-lookaside ( string trust-anchor
486                    string | auto | no );
487                dnssec-must-be-secure string boolean;
488                dnssec-secure-to-insecure boolean;
489                dnssec-update-mode ( maintain | no-resign );
490                dnssec-validation ( yes | no | auto );
491                dnstap { ( all | auth | client | forwarder |
492                    resolver ) [ ( query | response ) ]; ... };
493                dual-stack-servers [ port integer ] { ( quoted_string [ port
494                    integer ] [ dscp integer ] | ipv4_address [ port
495                    integer ] [ dscp integer ] | ipv6_address [ port
496                    integer ] [ dscp integer ] ); ... };
497                dyndb string quoted_string {
498                    unspecified-text };
499                edns-udp-size integer;
500                empty-contact string;
501                empty-server string;
502                empty-zones-enable boolean;
503                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
504                fetches-per-server integer [ ( drop | fail ) ];
505                fetches-per-zone integer [ ( drop | fail ) ];
506                filter-aaaa { address_match_element; ... };
507                filter-aaaa-on-v4 ( break-dnssec | boolean );
508                filter-aaaa-on-v6 ( break-dnssec | boolean );
509                forward ( first | only );
510                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
511                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
512                inline-signing boolean;
513                ixfr-from-differences ( master | slave | boolean );
514                key string {
515                     algorithm string;
516                     secret string;
517                };
518                key-directory quoted_string;
519                lame-ttl ttlval;
520                lmdb-mapsize sizeval;
521                managed-keys { string string
522                    integer integer integer
523                    quoted_string; ... };
524                masterfile-format ( map | raw | text );
525                masterfile-style ( full | relative );
526                match-clients { address_match_element; ... };
527                match-destinations { address_match_element; ... };
528                match-recursive-only boolean;
529                max-acache-size ( unlimited | sizeval );
530                max-cache-size ( default | unlimited | sizeval | percentage );
531                max-cache-ttl integer;
532                max-clients-per-query integer;
533                max-journal-size ( unlimited | sizeval );
534                max-ncache-ttl integer;
535                max-records integer;
536                max-recursion-depth integer;
537                max-recursion-queries integer;
538                max-refresh-time integer;
539                max-retry-time integer;
540                max-transfer-idle-in integer;
541                max-transfer-idle-out integer;
542                max-transfer-time-in integer;
543                max-transfer-time-out integer;
544                max-udp-size integer;
545                max-zone-ttl ( unlimited | ttlval );
546                message-compression boolean;
547                min-refresh-time integer;
548                min-retry-time integer;
549                minimal-any boolean;
550                minimal-responses ( no-auth | no-auth-recursive | boolean );
551                multi-master boolean;
552                no-case-compress { address_match_element; ... };
553                nocookie-udp-size integer;
554                notify ( explicit | master-only | boolean );
555                notify-delay integer;
556                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
557                    dscp integer ];
558                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
559                    [ dscp integer ];
560                notify-to-soa boolean;
561                nta-lifetime ttlval;
562                nta-recheck ttlval;
563                nxdomain-redirect string;
564                preferred-glue string;
565                prefetch integer [ integer ];
566                provide-ixfr boolean;
567                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
568                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
569                    port ( integer | * ) ) ) [ dscp integer ];
570                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
571                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
572                    port ( integer | * ) ) ) [ dscp integer ];
573                rate-limit {
574                     all-per-second integer;
575                     errors-per-second integer;
576                     exempt-clients { address_match_element; ... };
577                     ipv4-prefix-length integer;
578                     ipv6-prefix-length integer;
579                     log-only boolean;
580                     max-table-size integer;
581                     min-table-size integer;
582                     nodata-per-second integer;
583                     nxdomains-per-second integer;
584                     qps-scale integer;
585                     referrals-per-second integer;
586                     responses-per-second integer;
587                     slip integer;
588                     window integer;
589                };
590                recursion boolean;
591                request-expire boolean;
592                request-ixfr boolean;
593                request-nsid boolean;
594                require-server-cookie boolean;
595                resolver-query-timeout integer;
596                response-policy { zone string [ log boolean ] [ max-policy-ttl
597                    integer ] [ policy ( cname | disabled | drop | given | no-op
598                    | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
599                    recursive-only boolean ]; ... } [ break-dnssec boolean ] [
600                    max-policy-ttl integer ] [ min-ns-dots integer ] [
601                    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
602                    [ recursive-only boolean ];
603                root-delegation-only [ exclude { quoted_string; ... } ];
604                root-key-sentinel boolean;
605                rrset-order { [ class string ] [ type string ] [ name
606                    quoted_string ] string string; ... };
607                send-cookie boolean;
608                serial-update-method ( date | increment | unixtime );
609                server netprefix {
610                     bogus boolean;
611                     edns boolean;
612                     edns-udp-size integer;
613                     edns-version integer;
614                     keys server_key;
615                     max-udp-size integer;
616                     notify-source ( ipv4_address | * ) [ port ( integer | *
617                         ) ] [ dscp integer ];
618                     notify-source-v6 ( ipv6_address | * ) [ port ( integer
619                         | * ) ] [ dscp integer ];
620                     provide-ixfr boolean;
621                     query-source ( ( [ address ] ( ipv4_address | * ) [ port
622                         ( integer | * ) ] ) | ( [ [ address ] (
623                         ipv4_address | * ) ] port ( integer | * ) ) ) [
624                         dscp integer ];
625                     query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
626                         port ( integer | * ) ] ) | ( [ [ address ] (
627                         ipv6_address | * ) ] port ( integer | * ) ) ) [
628                         dscp integer ];
629                     request-expire boolean;
630                     request-ixfr boolean;
631                     request-nsid boolean;
632                     send-cookie boolean;
633                     tcp-only boolean;
634                     transfer-format ( many-answers | one-answer );
635                     transfer-source ( ipv4_address | * ) [ port ( integer |
636                         * ) ] [ dscp integer ];
637                     transfer-source-v6 ( ipv6_address | * ) [ port (
638                         integer | * ) ] [ dscp integer ];
639                     transfers integer;
640                };
641                servfail-ttl ttlval;
642                sig-signing-nodes integer;
643                sig-signing-signatures integer;
644                sig-signing-type integer;
645                sig-validity-interval integer [ integer ];
646                sortlist { address_match_element; ... };
647                transfer-format ( many-answers | one-answer );
648                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
649                    dscp integer ];
650                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
651                    ] [ dscp integer ];
652                trust-anchor-telemetry boolean; // experimental
653                trusted-keys { string integer
654                    integer integer quoted_string;
655                    ... };
656                try-tcp-refresh boolean;
657                update-check-ksk boolean;
658                use-alt-transfer-source boolean;
659                v6-bias integer;
660                zero-no-soa-ttl boolean;
661                zero-no-soa-ttl-cache boolean;
662                zone string [ class ] {
663                     allow-notify { address_match_element; ... };
664                     allow-query { address_match_element; ... };
665                     allow-query-on { address_match_element; ... };
666                     allow-transfer { address_match_element; ... };
667                     allow-update { address_match_element; ... };
668                     allow-update-forwarding { address_match_element; ... };
669                     also-notify [ port integer ] [ dscp integer ] { (
670                         masters | ipv4_address [ port integer ] |
671                         ipv6_address [ port integer ] ) [ key string ];
672                         ... };
673                     alt-transfer-source ( ipv4_address | * ) [ port (
674                         integer | * ) ] [ dscp integer ];
675                     alt-transfer-source-v6 ( ipv6_address | * ) [ port (
676                         integer | * ) ] [ dscp integer ];
677                     auto-dnssec ( allow | maintain | off );
678                     check-dup-records ( fail | warn | ignore );
679                     check-integrity boolean;
680                     check-mx ( fail | warn | ignore );
681                     check-mx-cname ( fail | warn | ignore );
682                     check-names ( fail | warn | ignore );
683                     check-sibling boolean;
684                     check-spf ( warn | ignore );
685                     check-srv-cname ( fail | warn | ignore );
686                     check-wildcard boolean;
687                     database string;
688                     delegation-only boolean;
689                     dialup ( notify | notify-passive | passive | refresh |
690                         boolean );
691                     dlz string;
692                     dnssec-dnskey-kskonly boolean;
693                     dnssec-loadkeys-interval integer;
694                     dnssec-secure-to-insecure boolean;
695                     dnssec-update-mode ( maintain | no-resign );
696                     file quoted_string;
697                     forward ( first | only );
698                     forwarders [ port integer ] [ dscp integer ] { (
699                         ipv4_address | ipv6_address ) [ port integer ] [
700                         dscp integer ]; ... };
701                     in-view string;
702                     inline-signing boolean;
703                     ixfr-from-differences boolean;
704                     journal quoted_string;
705                     key-directory quoted_string;
706                     masterfile-format ( map | raw | text );
707                     masterfile-style ( full | relative );
708                     masters [ port integer ] [ dscp integer ] { ( masters
709                         | ipv4_address [ port integer ] | ipv6_address [
710                         port integer ] ) [ key string ]; ... };
711                     max-ixfr-log-size ( default | unlimited | sizeval ); // obsolete
712                     max-journal-size ( unlimited | sizeval );
713                     max-records integer;
714                     max-refresh-time integer;
715                     max-retry-time integer;
716                     max-transfer-idle-in integer;
717                     max-transfer-idle-out integer;
718                     max-transfer-time-in integer;
719                     max-transfer-time-out integer;
720                     max-zone-ttl ( unlimited | ttlval );
721                     min-refresh-time integer;
722                     min-retry-time integer;
723                     multi-master boolean;
724                     notify ( explicit | master-only | boolean );
725                     notify-delay integer;
726                     notify-source ( ipv4_address | * ) [ port ( integer | *
727                         ) ] [ dscp integer ];
728                     notify-source-v6 ( ipv6_address | * ) [ port ( integer
729                         | * ) ] [ dscp integer ];
730                     notify-to-soa boolean;
731                     pubkey integer integer integer quoted_string; // obsolete
734                     request-expire boolean;
735                     request-ixfr boolean;
736                     serial-update-method ( date | increment | unixtime );
737                     server-addresses { ( ipv4_address | ipv6_address ); ... };
738                     server-names { quoted_string; ... };
739                     sig-signing-nodes integer;
740                     sig-signing-signatures integer;
741                     sig-signing-type integer;
742                     sig-validity-interval integer [ integer ];
743                     transfer-source ( ipv4_address | * ) [ port ( integer |
744                         * ) ] [ dscp integer ];
745                     transfer-source-v6 ( ipv6_address | * ) [ port (
746                         integer | * ) ] [ dscp integer ];
747                     try-tcp-refresh boolean;
748                     type ( delegation-only | forward | hint | master | redirect
749                         | slave | static-stub | stub );
750                     update-check-ksk boolean;
751                     update-policy ( local | { ( deny | grant ) string (
752                         6to4-self | external | krb5-self | krb5-selfsub |
753                         krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
754                         name | self | selfsub | selfwild | subdomain | tcp-self
755                         | wildcard | zonesub ) [ string ] rrtypelist; ... };
756                     use-alt-transfer-source boolean;
757                     zero-no-soa-ttl boolean;
758                     zone-statistics ( full | terse | none | boolean );
759                };
760                zone-statistics ( full | terse | none | boolean );
761           };
762

ZONE

764           zone string [ class ] {
765                allow-notify { address_match_element; ... };
766                allow-query { address_match_element; ... };
767                allow-query-on { address_match_element; ... };
768                allow-transfer { address_match_element; ... };
769                allow-update { address_match_element; ... };
770                allow-update-forwarding { address_match_element; ... };
771                also-notify [ port integer ] [ dscp integer ] { ( masters |
772                    ipv4_address [ port integer ] | ipv6_address [ port
773                    integer ] ) [ key string ]; ... };
774                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
775                    ] [ dscp integer ];
776                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
777                    * ) ] [ dscp integer ];
778                auto-dnssec ( allow | maintain | off );
779                check-dup-records ( fail | warn | ignore );
780                check-integrity boolean;
781                check-mx ( fail | warn | ignore );
782                check-mx-cname ( fail | warn | ignore );
783                check-names ( fail | warn | ignore );
784                check-sibling boolean;
785                check-spf ( warn | ignore );
786                check-srv-cname ( fail | warn | ignore );
787                check-wildcard boolean;
788                database string;
789                delegation-only boolean;
790                dialup ( notify | notify-passive | passive | refresh | boolean );
791                dlz string;
792                dnssec-dnskey-kskonly boolean;
793                dnssec-loadkeys-interval integer;
794                dnssec-secure-to-insecure boolean;
795                dnssec-update-mode ( maintain | no-resign );
796                file quoted_string;
797                forward ( first | only );
798                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
799                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
800                in-view string;
801                inline-signing boolean;
802                ixfr-from-differences boolean;
803                journal quoted_string;
804                key-directory quoted_string;
805                masterfile-format ( map | raw | text );
806                masterfile-style ( full | relative );
807                masters [ port integer ] [ dscp integer ] { ( masters |
808                    ipv4_address [ port integer ] | ipv6_address [ port
809                    integer ] ) [ key string ]; ... };
810                max-journal-size ( unlimited | sizeval );
811                max-records integer;
812                max-refresh-time integer;
813                max-retry-time integer;
814                max-transfer-idle-in integer;
815                max-transfer-idle-out integer;
816                max-transfer-time-in integer;
817                max-transfer-time-out integer;
818                max-zone-ttl ( unlimited | ttlval );
819                min-refresh-time integer;
820                min-retry-time integer;
821                multi-master boolean;
822                notify ( explicit | master-only | boolean );
823                notify-delay integer;
824                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
825                    dscp integer ];
826                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
827                    [ dscp integer ];
828                notify-to-soa boolean;
829                pubkey integer integer integer quoted_string; // obsolete
830                request-expire boolean;
831                request-ixfr boolean;
832                serial-update-method ( date | increment | unixtime );
833                server-addresses { ( ipv4_address | ipv6_address ); ... };
834                server-names { quoted_string; ... };
835                sig-signing-nodes integer;
836                sig-signing-signatures integer;
837                sig-signing-type integer;
838                sig-validity-interval integer [ integer ];
839                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
840                    dscp integer ];
841                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
842                    ] [ dscp integer ];
843                try-tcp-refresh boolean;
844                type ( delegation-only | forward | hint | master | redirect | slave
845                    | static-stub | stub );
846                update-check-ksk boolean;
847                update-policy ( local | { ( deny | grant ) string ( 6to4-self |
848                    external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
849                    | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
850                    | subdomain | tcp-self | wildcard | zonesub ) [ string ]
851                    rrtypelist; ... };
852                use-alt-transfer-source boolean;
853                zero-no-soa-ttl boolean;
854                zone-statistics ( full | terse | none | boolean );
855           };
856

FILES

858       /etc/named.conf
859

SEE ALSO

861       ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-
862       confgen(8), BIND 9 Administrator Reference Manual.
863

AUTHOR

865       Internet Systems Consortium, Inc.
866
868       Copyright © 2004-2019 Internet Systems Consortium, Inc. ("ISC")
869
870
871
872ISC                               2019-07-22                     NAMED.CONF(5)